ABSTRACT: The interesting questions one can ask about program schemas
include questions about the "power" of classes of schemas and
their decision problems viz. halting, divergence, equivalence,
etc. We first consider the powers of schemas with various
features: recursion, equality tests, and several data structures
such as pushdown stacks, lists, queues and arrays. We then
consider the decision problems for schemas with equality and with
commutative and invertible functions. Finally a generalized
class of schemas is described in an attempt to unify the various
classes of uninterpreted and semi-interpreted schemas and schemas
with special data structures.

Chapter 1. Introduction


Program  Schemas  and  Their  Applications 

A program schema is a computer program in which the basic functions
and predicates are left unspecified. Essentially, a program schema
depicts the control structure of the program, and leaves most of the
details to be specified in an interpretation for the functions and
predicates of the schema. Thus, a schema is not encumbered with the
details of the actual domain of the values it computes on. This basic
approach can be used to develop a machine-independent theory of
computation. Of course, it is not intended that such a theory will
replace the other approaches that have proved useful, such as recursive
function theory, complexity theory, automata theory, the fixpoint theory
of computation and Scott's lattice-theory approach to computation.
Instead, it is expected to supplement these by providing a model for
computation in which certain useful facts can be expressed, clarified,
and understood.

Some  of  the  applications  of  schemata  theory  are  the  following. 

1. Comparing the power of programming features. By "power" we mean
the ability to program in a "natural" way. Interpreted programs are
not very useful for comparing power because interpreted programming
languages are caught very easily in the mire of Turing machine
computability. For example, iterative programs with just three counters can
compute any "computable" function. Yet, all programmers are aware that
recursion is more "powerful" than iteration alone, and that a pushdown
stack can be used to eliminate recursion. These notions become
transparent at the level of schemas. It is not expected, of course, that
schemas will give a complete characterization of the intuitive notion
of power since even informally there does not seem to be complete
agreement on this notion. But it is hoped that schemas will give an
approximation one step better than interpreted programs, and possibly
lead the way for further studies.

2. Another application of schemata theory is in the study of program
optimization. This is to be expected because optimization often involves
changing the control structure of a program without altering the outcome
of the computation. Closely related to the question of program
optimization is the problem of recursion removal. To give an example, consider
the recursive program

F(y)  <=  if  p(y)  then  a  else  F(f(y)) 

where p represents some predicate test, f represents some function,
and a is some constant. It is clear that the recursive call F(f(y))
can be replaced by iteration: change the value of the variable y to
f(y) and repeat the "if p(y) then ..." statement. In fact, this kind
of an optimization has been introduced in many compilers. Now, consider
the following program

F(y) <= if p(y) then a else g(y,F(f(y))).

Can this recursion be replaced by iteration? The answer is yes, though
in general the iterative program takes more time than the recursive
program. Sometimes, however, we can make use of particular properties
of the functions f and g to obtain more efficient code. For example,
if the function g is associative, this fact can be used to transform
the recursive program into one that is essentially iterative (analogous
to the earlier example):

F(y)  <=  if  p(y)  then  a  else  G(y,  f(y)) 

G(x,y)  <=  if  p(y)  then  g(x,a)  else  G(g(x,y),  f(y)) 

This example points out a limitation of the assumption that all base
functions and predicates be completely uninterpreted, because if such an
assumption is strictly adhered to, then the translation described above
is not valid because it assumes the associativity of the function g.

What has happened is that by an insistence on modeling only the control
structure of our program (by saying that all base functions and predicates
must be uninterpreted) we have obtained a model that fails to embody the
same essential relations on the domain of the program we were trying to
model. It seems, therefore, that in order to have a useful theory of
computation we must back off from a rigid stance of completely uninterpreted
base functions and predicates, and should allow semi-interpreted schemas
in the theory.

3. A third application of schemata theory is proving properties about
deterministic processes (by "deterministic" we mean deterministic as
against intuitive, and not as against stochastic, or nondeterministic
as in automata theory). For our purposes computer programs are the most
important of the deterministic processes (readers who have spent long
hours trying to debug programs might object to the use of the word
"deterministic" as applied to computer programs -- nevertheless, we
persist). Another example of a deterministic process is a finite
automaton. A side effect of proving properties about schemas, and one that
has received scant attention to date, is that once certain properties
are proved about schemas they apply to all the processes that are modeled
by the schema (see Chandra [1972]). In this way several results can be
proven simultaneously simply by proving the corresponding result for an
appropriate schema; and conceivably, schemas could also be used to
interrelate various results in different fields of the theory of computation.

To give an example, the equivalence of two programs can be proven,
in many cases, by proving the equivalence of the corresponding schemas.
Frequently, however, we need some additional information about the
interrelations between the base functions. Consider the following two programs
on natural numbers, where x and y are the inputs, and z is the output.

(1) z ← x*y

(2) x1 ← 0; y1 ← y;

while y1 ≠ 0 do begin x1 ← x+x1; y1 ← y1-1 end;
z ← x1.

We certainly cannot prove the equivalence of these two programs by
replacing the various functions (multiplication, addition, subtraction)
by uninterpreted functions. Instead, we need the property that
multiplication is related to addition in a certain way; in fact,
multiplication is defined by the function F in (3) below. Using this
additional piece of information we can prove the equivalence of (1)
and (2) as follows.


(3) F(x,y) <= if y = 0 then 0 else x+F(x,y-1)

(4) F(x,y) <= if p(y) then a else g(x,F(x,f(y)))

(5) F(x,y) <= G(x,y,a,y)

G(x,y,x1,y1) <= if p(y1) then x1 else G(x,y,g(x,x1),f(y1))

(6) x1 ← a; y1 ← y;

while ¬p(y1) do begin x1 ← g(x,x1); y1 ← f(y1) end;
z ← x1.

We replace (3) by its corresponding schema (4), translate it to an
equivalent schema (5), finally change the form to make it purely
iterative (6). Now, in this schema, if we substitute the meanings
of the base functions and predicates we have precisely the desired
program (2). One might well ask why we used schemas in this example.
The reason is that this clearly separates the semantic part of the
procedure from the syntactic part since the steps (4) to (5), and (5)
to (6) were purely a matter of symbol manipulation. But there is a very
desirable side effect of this method. Having proved the equivalence of
(4) and (6) once, we can also use it to prove the equivalence of the
programs (7) and (8) where the operation of exponentiation (x  ) is
defined by the function F in (9).

(7) z ←

(8) x1 ← 1; y1 ← y;

while y1 ≠ 0 do begin x1 ← x*x1; y1 ← y1-1 end;


(9) F(x,y) <= if y = 0 then 1 else x*F(x,y-1)


We  should  state  that  the  preceding  is  merely  an  intuitive 
elaboration  rather  than  any  attempt  at  a  formal  presentation  of  what 
schemas  can  be  useful  for. 
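
The two transformations discussed above can be run under concrete interpretations. The following Python sketch is an added example, not code from the thesis; the Interpretation class, the function names, and the string-building "free" interpretation are assumptions made here for illustration. It goes slightly beyond the text by also running schemas (4) to (6) on symbolic terms, and by showing the associativity-based rewrite failing for a non-associative g.

```python
from dataclasses import dataclass
from typing import Any, Callable


@dataclass(frozen=True)
class Interpretation:
    """Meanings for the base symbols p, f, g, a (names taken from the text)."""
    p: Callable[[Any], bool]
    f: Callable[[Any], Any]
    g: Callable[[Any, Any], Any]
    a: Any


def schema4(I, x, y):
    """(4) F(x,y) <= if p(y) then a else g(x, F(x, f(y)))"""
    return I.a if I.p(y) else I.g(x, schema4(I, x, I.f(y)))


def schema5(I, x, y):
    """(5) F(x,y) <= G(x,y,a,y), where G carries the result in x1."""
    def G(x, y, x1, y1):
        return x1 if I.p(y1) else G(x, y, I.g(x, x1), I.f(y1))
    return G(x, y, I.a, y)


def schema6(I, x, y):
    """(6) the purely iterative form of (5)."""
    x1, y1 = I.a, y
    while not I.p(y1):
        x1, y1 = I.g(x, x1), I.f(y1)
    return x1


def rec_F(I, y):
    """F(y) <= if p(y) then a else g(y, F(f(y)))"""
    return I.a if I.p(y) else I.g(y, rec_F(I, I.f(y)))


def acc_F(I, y):
    """F(y) <= if p(y) then a else G(y, f(y));
    G(x,y) <= if p(y) then g(x,a) else G(g(x,y), f(y)), written as a loop."""
    if I.p(y):
        return I.a
    x, y = y, I.f(y)
    while not I.p(y):
        x, y = I.g(x, y), I.f(y)
    return I.g(x, I.a)


def is_zero(y):
    return y == 0


def pred(y):
    return y - 1


# Interpretation turning (4) into program (3): multiplication by repeated addition.
MULT = Interpretation(p=is_zero, f=pred, g=lambda x, x1: x + x1, a=0)
# Interpretation turning (4) into definition (9): exponentiation.
POWER = Interpretation(p=is_zero, f=pred, g=lambda x, x1: x * x1, a=1)
# Same control structure, but g is subtraction, which is not associative.
SUB = Interpretation(p=is_zero, f=pred, g=lambda x, y: x - y, a=0)
# Constructed "free" interpretation: values are terms written as strings,
# and p holds once f has been applied three times.
FREE = Interpretation(
    p=lambda t: t.count("f(") >= 3,
    f=lambda t: f"f({t})",
    g=lambda x, t: f"g({x},{t})",
    a="a",
)

if __name__ == "__main__":
    for name, I, args in (("MULT", MULT, (6, 7)), ("POWER", POWER, (2, 10)),
                          ("FREE", FREE, ("x", "y"))):
        print(name, schema4(I, *args), schema5(I, *args), schema6(I, *args))
    # g = addition is associative, so the rewrite is valid; g = subtraction is not.
    print("add:", rec_F(MULT, 4), acc_F(MULT, 4))
    print("sub:", rec_F(SUB, 4), acc_F(SUB, 4))
```

Schemas (4), (5) and (6) agree under every interpretation tried, including the symbolic one, whereas rec_F and acc_F agree only when g is associative.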

Historical  Remarks 


The study of program schemas can be traced back to the work of
Ianov [1958, 1960] where he treated the entire data space of a program
as being representable by a single value which could be changed by
applying functions, or tested by applying predicates to it. These base
functions and predicates were assumed to be total, but otherwise
uninterpreted. This model of computation is quite closely related to
finite state machines and, as may be expected, the problems of
termination and equivalence of Ianov schemas are decidable. In this regard,
the work of Rutledge [1964] is also to be noted.

But this simple model of computation is not adequate for describing
most computations. To obtain a better description we would require that
the functions and predicates of the schema be related in some way. For
example, the data space in real computations is usually divided into
individual components, and functions and predicates are applied to these
components. A convenient way of handling the subdivision of memory
(Paterson [1967, 1968], Luckham, Park and Paterson [1970]) is to consider
schemas containing several variables (also called registers), one for
each component of the data space. The base functions and predicates
are left uninterpreted. We argue in Section 4.1, however, that these
basic concepts, viz., the explicit subdivision of data space and the use
of uninterpreted base functions and predicates, are not as general as could
be desired, and we attempt to remedy this situation.

Subsequent work in schemata theory has been in studying the effects
of additional features, for example, the use of recursion, counters,
pushdown stacks, arrays, parallel computations, partial functions in the
interpretations, etc. Without attempting a complete list of contributions,
we note the important works of Karp and Miller [1969], Paterson and
Hewitt [1971], Strong [1971], Garland and Luckham [1971], and Constable
and Gries [1972]. It is interesting to note that the earlier works
tend to focus on the decision problems of schemas, namely, the halting,
divergence and equivalence problems for schemas, and subsequent works
mainly deal with the problems of translation from one class of schemas
to another class.

Outline  of  the  Thesis 

In  this  thesis  we  restrict  our  attention  to  schemas  with  no  explicit 
inputs:  zero-ary  functions  (individual  constants)  serve  the  role  of 
inputs.  The  interpretations  for  a  schema  describe  total  functions  and 
predicates over arbitrary domains -- we do not allow partial functions
or  predicates  in  an  interpretation. 

The chapters have been organized so as to separate the main results
and the intuitive discussion from the detailed proofs and examples which
relatively few readers would like to plow through anyway. Most of the
material requires no prior knowledge of schemas, but many of the proofs
assume a familiarity with the basic methods used by other researchers.

Most of the notation and introductory material on schemas is contained
in Section 2.1. Section 2.2 discusses a relation between schemas and formal
languages via value languages of schemas. This leads up to a discussion


on  the  power  of  various  classes  of  schemas  in  Section  Chapter  3 

deals with the decision problems of schemas. The first part (Section 3.1)
considers uninterpreted flowchart schemas with equality tests. The
second part (Section 3.2) considers semi-interpreted schemas, and, in
particular, considers the effect of commutativity and invertibility
relations on the decision problems. The final chapter, Chapter 4,
introduces a class of generalized schemas. The formalism of a first
order theory is used to unify the data structures used by schemas with
the base values on which the schemas compute, and it is shown that much
of conventional schemata theory can be represented within this framework.


Chapter  2.  Translation  Problems 


2.1  Introduction 

In this section we introduce the basic definitions and terminology
to be used in later sections. Only the simplest of proofs are given in
the main exposition; the others are postponed to Section 2.1.9.

In the development of many theories (e.g. number theory) it has
turned  out  that  the  most  fundamental  questions  (e.g.  what  is  a  natural 
number)  are  answered  quite  late  in  the  development.  Part  of  the  reason 
for  this  is  that  the  answers  to  these  questions  are  unnecessary  for  an 
intuitive  understanding  of  much  of  the  theory,  and  the  formalism  necessary 
to  answer  them  can  detract  from  the  simplicity  of  the  rest  of  the  theory. 
In  accordance  with  this  view,  we  will  be  quite  informal  on  many  points, 
namely,  on  the  following  questions: 

(a)  what  is  a  schema, 

(b)  what  is  an  interpretation  corresponding  to  a  schema, 

(c) what is an uninterpreted schema,

(d) what does the "value of a variable" mean.

The  answers  to  these  questions  are  obvious  for  the  schemas  we  present  in 
this  chapter  and  in  the  next  one,  and  we  dispense  with  formalities  until 
the  last  chapter  which  defines  a  formal  notion  of  schemas. 

2.1.1  Flowchart  Schemas 

A flowchart schema S has a finite number of variables represented
by the symbols y1, ..., yn, z1, z2, ..., zm. It uses uninterpreted
functions f1, f2, ..., fr and predicates p1, p2, ... called the base
functions and base predicates. We should caution the reader at this point
that we will not restrict ourselves to the use of just these symbols to
denote variables, functions and predicates when convenience and clarity
demand otherwise. Some of the base functions may be zero-ary functions,
also called individual constants, and usually denoted by the symbols
a1, a2, ... . A term τ can be built up using the variables y1, ..., yn
of the schema and the zero-ary functions, and applying the other functions
to them. We use the notation τ(y_i1, y_i2, ...) to indicate that no
variables other than y_i1, y_i2, ... appear in the term τ; for example,
τ(y1, y2) indicates that no variable other than y1 and y2 appears
in τ, but it is not necessary that both have to appear. In accordance
with this nomenclature, τ() denotes a constant term, that is, a form
that has no variables in it. A monadic schema is a schema in which only
zero-ary and unary functions and predicates are used.

An interpretation I over a domain D contains the functions and
predicates f1^I, ..., fr^I, p1^I, ... which correspond to the function and
predicate symbols f1, ..., fr, p1, ... of a schema. If fi is a k-ary
function symbol, then fi^I : D^k → D; likewise, if pi is a k-ary
predicate symbol, then pi^I : D^k → B where B is the boolean domain
{true, false}. We will usually not distinguish between the symbols fi
and fi^I, and we will write the latter simply as fi, with the
interpretation I being understood.

A schema is said to be uninterpreted if all interpretations which specify
(at least) all the base functions and predicates of the schema, are allowed.
A schema is said to be interpreted (partially interpreted) if not all
interpretations are allowed. If I is an interpretation that is allowed
for S, we say I is an interpretation for S, and S admits I.

It is clear that a schema uses two kinds of values -- base values,
which are elements of the domain D of the interpretation, and
boolean values, which are elements of the domain B. Now the mystery
of two kinds of variables yi and zi can be clarified. The variables
of the form yi take on base values, and variables zi take boolean
values. The yi's are called data variables, or just variables for
short; the zi's are called boolean variables.


An atomic formula is a boolean value, a boolean variable, or
p(τ1, ..., τk) where p is a k-ary predicate. We use the symbol α
to denote an atomic formula or a negated atomic formula -- sometimes
called a primitive formula. In accordance with the nomenclature for
terms, α() indicates a constant atomic formula (or negated atomic
formula).

The  statements  of  a  flowchart  schema  are  of  the  following  types 
(there  is  a  single  start  statement  in  the  schema) : 


Start  statement: 


Halt  statement: 


HALT(tP^)


Loop statement:


Assignment  statement: 


Test  statement: 


The assignment statement simultaneously reassigns the values of all
variables.  Often,  only  a  few  of  these  are  to  be  changed,  and  for 
convenience,  we  allow  the  abbreviations 


which  indicate  that  all  variables  not  explicitly  mentioned  are  unchanged. 

To represent flowchart schemas we will usually use the more compact
ALGOL-like notation, allowing the use of labels (L1, L2, ...) and goto
statements. In addition, we also allow the use of block structure,
if-then-else statements, while statements, and nonrecursive procedures
with the tacit understanding that these features can be eliminated,
using goto statements instead to get a "legal" flowchart schema.

Ianov schemas are about the simplest kinds of flowchart schemas.
A Ianov schema has a single variable y, and its statements are of the
following types:

(1) START y ← a,

(2) HALT(y),

(3) LOOP,

(4) y ← fi(y), and

(5) if pi(y) then goto L1 else goto L2.

A flowchart schema with equality is a flowchart schema with the
addition that atomic formulas of the form

τ1 = τ2
are also allowed.

Currently  there  seems  to  be  a  little  misunderstanding  as  to  the 
role  of  schemas  with  equality.  In  our  treatment  a  flowchart  schema  with 
equality  is  not  a  partially  interpreted  schema  because  absolutely  no 
restriction  is  placed  on  the  interpretations  allowed.  This  point  is 
considered in greater detail in Section 2.1.9.

The class of flowchart schemas will be denoted by C(), and
flowchart schemas with equality by C(=). The class of flowchart schemas
that use no more than n data variables is C(n var), and similarly
C(n var, =) for equality schemas. Note: schemas in C(n var) or in
C(n var, =) may have an arbitrary number of boolean variables.

2.1.2 Augmented Schemas

We  will  also  consider  flowchart  schemas  augmented  with  (structural) 
features  designed  to  make  the  schemas  more  powerful. 

A counter is a variable (usually denoted by the letter c) whose
values are non-negative integers. All counters used by a schema are
initialized to zero by the start statement. The operations allowed
on a counter are

(1) c ← c+1,

(2) c ← c-1, and

(3) if c = 0 then goto L1 else goto L2,

where L1, L2 are arbitrary labels. The subtraction (diminish) operator
in c ← c-1 is on natural numbers, that is, 0-1 = 0. The class of
schemas with counters is designated C(c), schemas with at most one
counter C(1c), with a counter and equality C(1c,=), and so on in the
obvious way.

A  pushdown  stack  (usually  denoted  by  the  symbol  s  )  is  a  last-in 
first-out  store  which  can  hold  values  of  both  types  (data,  and  boolean). 
A  schema  with  a  stack  can  "push"  a  data  value  and  a  boolean  value  into 
the  stack,  it  can  "pop"  them  from  the  "top",  and  it  can  test  to  see  if 
the  stack  is  empty.  The  statements  allowed  are: 

(1) s ← push(s,y,z), and



where y denotes an arbitrary data variable, z a boolean variable,
Λ the empty stack, and L a label. The start statement in a schema
initializes all stacks to be empty. The class of schemas with pushdown
stacks is C(pds), with at most one stack C(1pds), etc.

A queue (usually denoted by q) is a first-in first-out store.
A schema with a queue can "add" values at one end, and "remove" them
from the other end (first(q)), and it can test to see if the queue
is empty. The statements for a queue are:

(1) q ← add(q,y,z), and

(2) if q = Λ then goto L else begin (y,z) ← first(q); q ← remove(q) end

The  start  statement  initializes  all  queues  in  a  schema  to  be  empty. 

A list (usually denoted by l) is a structure as in LISP. The
functions car, cdr, cons, and the predicate atom play the same
role as in LISP (atom(x) is true if x is a data value, or Λ (nil),
and false otherwise). The statements allowed are the following:

We use "lval" to represent Λ, a data variable, or a list
variable.

(1) l ← lval

(2) l ← cons(lval1, lval2)

(3) if l = Λ then goto L1

(4a) if atom(l) then goto L1
else if ¬atom(car(l)) ∨ car(l) = Λ then goto L2
else yi ← car(l)

(4b) if atom(l) then goto L1
else if ¬atom(cdr(l)) ∨ cdr(l) = Λ then goto L2
else yi ← cdr(l)

(5a) if atom(lj) then goto L else li ← car(lj)

(5b) if atom(lj) then goto L else li ← cdr(lj)

where l, li, lj represent list variables, and L, L1, L2 represent labels.

The start statement of a schema initializes all list variables to Λ
(nil). The class of schemas with lists is C(list).

An array (A) is a one-dimensional, semi-infinite sequence of
"locations" that can take on data and boolean values, and can be accessed
by subscripting the array with a counter. The statements allowed are:

(1) <y,z> ← A[c],
and

(2) A[c] ← <y,z>,

where A is an array, c is a counter, y is any data variable,
and z is any boolean variable. In addition, the start statement is
changed to initialize all arrays. It has the form

START <y1, ..., yn, z1, ..., zm> ← <τ1(), ..., τn(), α1(), ..., αm()>

<A1, ..., Ak> ← <τ'1(), α'1(), ..., τ'k(), α'k()>

where A1, ..., Ak are all the arrays used in the schema. The start
statement initializes all data locations of an array Ai to τ'i(),
and all boolean locations to α'i(). The class of schemas with arrays
is denoted C(A), and arrays with equality by C(A,=), etc. Note:
the use of an array implies the use of counters, i.e., schemas in
C(A) do have an arbitrary number of counters.


2.1.3  Recursive  Schemas 

A recursive schema is a set of mutually recursive function
definitions (of defined functions F0, F1, ..., Fk). The functions are
passed a vector of data and boolean arguments (the simple case --
"call by value" -- is assumed even though it does not always lead to
the least fixed point: see Morris [1968], and also Cadiou [1972]),
and they are allowed to return a vector of values.

Given a vector (y,z) of data values y = y1, y2, ..., yn, and
boolean values z = z1, z2, ..., zm, we define the notation for picking
off the i-th data or boolean values as follows:

Yi(y,z) = yi and Zi(y,z) = zi

provided i does not exceed the maximum index (in either case). If
a vector has n data values and m boolean values, we say its type
is (n,m). A vector of type (1,0) is a data element, and a vector
of type (0,1) is a boolean element.


We can now define a recursive schema. It is a set of definitions
of the form:

F0 <= τ0(F);

F1(y,z) <= if α1(y,z,F) then τ1(y,z,F) else τ'1(y,z,F);

F2(y,z) <= if α2(y,z,F) then τ2(y,z,F) else τ'2(y,z,F);

...

Fk(y,z) <= if αk(y,z,F) then τk(y,z,F) else τ'k(y,z,F);

where F = (F1, F2, ..., Fk) and y,z represent arbitrary vector arguments
in each case,  is of type data, and  is of type boolean. Terms
can be constructed using the arguments y,z of the defined function,
and applying the base functions, defined functions, and the notation
Yi, Zi for extracting an element from a vector. It is implicitly assumed
that there is no type mismatch.

The computation rule for terms in the schema is leftmost innermost,
with the exception that if exactly the same function call appears more
than once in a function definition it will not be computed more than
once -- rather, the values returned by the first call are substituted
in the others (in fact we could have prevented multiple identical terms
from appearing by a more complicated notation). This is one of the
reasons for allowing functions to return vectors, i.e., it results in
relatively efficient computations. For example, consider the schema S
below (unnecessary parentheses are omitted):

S: F0 <= h(Y1F1(a,a), Y2F1(a,a));

F1(y1,y2) <= if p(y1) then <y1,y2>

else <fY1F1(fy1,gy2), Y2F1(fy1,gy2)>.

Not calling F1 both times in <fY1F1(fy1,gy2), Y2F1(fy1,gy2)>
results in an exponential saving in the length of the computation.

The class of recursive schemas will be denoted C(R). The number
of "variables" in a recursive schema is the maximum number of data
elements either passed as arguments to, or returned from, a defined
function. The class of recursive schemas in which no defined function
is passed more than n data variables, and no function returns more than
n data values is denoted C(R,n var); similarly, the class of recursive
schemas which allow equality tests is denoted C(R,=), etc.

In the rest of Section 2.1 whenever we refer to an arbitrary
uninterpreted schema we mean a schema from C(pds,q,list,A,=) (j -).
We can get an interpreted schema by restricting the interpretations
allowed. One way of doing this is by specifying that every
interpretation for a schema satisfy some formula in predicate calculus; but mostly
the schemas we consider will be uninterpreted.


2.1.4  Halting,  Divergence,  and  Freedom 


Definition.  A  schema  is  said  to  halt  if  it  halts  on  every  interpretation. 


Definition.  A  schema  is  said  to  diverge  if  it  diverges  on  every 
interpretation,  that  is,  it  does  not  halt  on  any  interpretation. 


Definition. Let s0, s1, s2, ... be the statements of a flowchart, or
an augmented flowchart schema S. Then, a path in S is defined to
be a finite or infinite sequence

(t0, t1, t2, ...)

where for each i ≥ 0, ti is sj for some j, if sj is a start, halt,
loop, or an assignment statement, or ti is <sj,true>, or <sj,false>
if sj is a test statement, and the sequence must have the property that

(i) t0 is the start statement, and no other ti is the start
statement,

(ii) only the last element in the sequence (if any) can be a halt or
a loop statement,

(iii) if ti is the start statement, or assignment statement, then
ti+1 corresponds to the statement following ti in the schema,

(iv) if ti is <sj,true> then ti+1 corresponds to the statement
following the test sj if it takes the true exit; and similarly
for <sj,false>.


Definition. We can similarly define the notion of a path in a recursive
schema. Let S be a recursive schema, and F0, F1, F2, ... be its defined
functions, and s1, s2, ... be the corresponding tests in the if-then-else
definitions. Then a path in S is a finite or infinite sequence

(t0, t1, t2, ...)

where for each i, ti is either <enter Fj>, <exit Fj>, <sj,true>
or <sj,false>. The first element, t0, is <enter F0>, and only the
last element, if any, can be <exit F0>. The significance of the ti's
is obvious, and we say that a path must have the property that the
sequence of ti's must obey the computation rule for recursive schemas
(that is, leftmost innermost, with substitutivity for identical terms in
the same function definition).

Definition. Given a schema S and an interpretation I for S, the
path of the computation of S on I is denoted by Path(S,I).

Definition. A schema is said to be free if every path in the schema
can be taken by its computation on some interpretation.

As  example,  the  schema  S^  is  not  free  because  the  path 
(s0^  (si^alse)^  (s2>true))  cannot  be  taken  for  any  interpretation. 

In  fact,  even  the  schema  S^  is  not  free  because  no  interpretation  can 
take  the  false-exit  from  statement  (even  though  the  true-exit  and 

the  false-exit  both  lead  to  the  same  statement) .  The  schema  Sc  is 
free,  as  is  the  recursive  schema  S^  .  However,  the  recursive  schema 
Sg  is  not  free  because  the  test  F2(y)  can  only  take  the  true  exit. 

S_a:  START y ← a;                   comment: call this statement s_0;
      L1: if p(y) then goto L2;      comment: call this s_1;
          if p(a) then goto L1;      comment: call this s_2;
      L2: HALT(y);                   comment: call this s_3;

S_b:  START y ← a;                   comment: call this statement s_0;
          if p(y) then goto L;       comment: call this s_1;
          if p(a) then goto L;       comment: call this s_2;
      L:  HALT(y).                   comment: call this s_3;

S_c:  START y ← a;
      while p(y) do y ← f(y);
      HALT(y).

S_d:  F0 <= F1(a);
      F1(y) <= if F2(y) then f(y) else g(y);
      F2(y) <= if p(y) then F2(f(y)) else F2(g(y)).

S_e:  F0 <= F1(a);
      F1(y) <= if F2(y) then f(y) else g(y);
      F2(y) <= if p(y) then true else F2(g(y)).

Freedom, as defined, is not a very useful concept for augmented schemas because some of the functions and tests are totally interpreted. Thus, if a counter schema tests "c = 0", then all paths in the schema cannot be taken because the outcome of this test is fixed once we fix a path leading to this test. The same is true, for example, for a stack (a schema attempting to pop a stack must test if it is empty), a queue, or a list.

2.1.5  Equivalence 

Given a schema $S$ and an interpretation $I$ for $S$ we use the notation Val$(S,I)$ to denote the output (of the computation) of $S$ on $I$; if $S$ does not halt, then Val$(S,I)$ is undefined.

Definition. Given two (uninterpreted) schemas $S_1$ and $S_2$, we say that $S_2$ includes $S_1$ ($S_1 \le S_2$) if for every interpretation $I$ for $S_1$ and $S_2$ (that is, $I$ specifies all base functions and predicates used in both $S_1$ and $S_2$), if Val$(S_2,I)$ is defined, then so is Val$(S_1,I)$ and Val$(S_1,I)$ = Val$(S_2,I)$.

Definition. Two schemas $S_1$ and $S_2$ are said to be equivalent ($S_1 \equiv S_2$) if $S_1 \le S_2$ and $S_2 \le S_1$, that is, for all interpretations $I$ for $S_1$ and $S_2$, if one schema halts, then so does the other with the same output.

The notion of equivalence ($\equiv$) is sometimes also called output equivalence, or strong equivalence.

It is immediate that the relation $\equiv$ is reflexive and symmetric. It is also transitive, but this proof requires a little care. The only problem is that given $S_1 \equiv S_2$ and $S_2 \equiv S_3$, to show that $S_1 \equiv S_3$ we have to show that if $I$ is any interpretation for $S_1$ and $S_3$ then Val$(S_1,I)$ = Val$(S_3,I)$. But $I$ may not be an interpretation for $S_1$ and $S_2$ (or for $S_2$ and $S_3$, for that matter) because $S_2$ may contain some superfluous functions or predicates. To overcome this problem, we note that if $I'$ is any interpretation for $S_1$, $S_2$ and $S_3$, then Val$(S_1,I')$ = Val$(S_2,I')$ = Val$(S_3,I')$. And from this, the desired result follows, for if $I$ is any interpretation for $S_1$ and $S_3$, we can extend it to $I'$ by adding the new functions and predicates of $S_2$ (arbitrarily) and then Val$(S_1,I)$ = Val$(S_1,I')$ = Val$(S_3,I')$ = Val$(S_3,I)$.

An alternative definition of equivalence (and a corresponding one applies to inclusion) is that $S_1 \equiv S_2$ if for every interpretation $I_1$ for $S_1$ there is an isomorphic interpretation $I_2$ for $S_2$ (let $\theta$ denote the isomorphism $\theta: I_1 \leftrightarrow I_2$, i.e., $\theta$ is a one-one mapping from the domain of $I_1$ onto the domain of $I_2$ that preserves functions and predicates) such that if Val$(S_1,I_1)$ or Val$(S_2,I_2)$ is defined, then both are defined, and Val$(S_2,I_2)$ = $\theta(\text{Val}(S_1,I_1))$.

The  two  definitions  are  the  same  owing  to  a  basic  notion 
regarding  schemas  --  that  the  behavior  of  a  schema  over  two  isomorphic 
interpretations  is  the  same,  i.e.,  the  paths  of  computation  are  the 
same,  and  the  values  of  all  variables  correspond  under  the  isomorphism 
at  each  step. 

A fundamental notion of equivalence is that if we want to find a schema equivalent to some given schema $S$, then the schema to be found need not have any function or predicate symbol other than those in $S$. This result is implicitly used all the time in the theory of schemas, apparently without ever having been clearly formalized.

Theorem 2.1 (Redundant predicates and functions)

Given uninterpreted schemas $S$ and $S_1$ such that $S \equiv S_1$, we can find a schema $S_2$ equivalent to $S$ such that

(i) $S_2$ has no function or predicate symbol not in both $S$ and $S_1$,

(ii) $S_2$ has exactly the same features (that is, equality, recursion, number of variables, counters, stacks, queues, lists and arrays) as those of $S_1$.

This theorem may also be called the "interpolation lemma for program schemas".

For a proof, see Section 2.1.9. In this connection it may be remarked that if we are given any schema $S$ and a flowchart schema $S_1$ ($S_1 \in \mathcal{C}(=)$) equivalent to $S$, then there exists a schema $S_2$ also equivalent to $S$ having properties (i), (ii) above, and also preserving the freedom of $S_1$, i.e., (iii) $S_2$ is free if and only if $S_1$ is free. This, in itself, is not astonishing. But it should be noted that we said "there exists a schema $S_2$", not that we can find it (as in the theorem). It may come as a surprise that if we wish to preserve freedom, then $S_2$ cannot be effectively found in general. This is demonstrated along with the proof of this remark in Section 2.1.9.

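Definition. We say a class of schemas $\mathcal{C}_2$ is more powerful than another class $\mathcal{C}_1$ ($\mathcal{C}_1 \le \mathcal{C}_2$) if for every schema in $\mathcal{C}_1$ there is an equivalent schema in $\mathcal{C}_2$.

Note that the meaning of the symbol "$\le$" is quite different when applied to individual schemas, and when applied to classes of schemas.

Definition. A class $\mathcal{C}_2$ is strictly more powerful than $\mathcal{C}_1$ ($\mathcal{C}_1 < \mathcal{C}_2$) if $\mathcal{C}_1 \le \mathcal{C}_2$, but not $\mathcal{C}_2 \le \mathcal{C}_1$.

Definition. Two classes $\mathcal{C}_1$ and $\mathcal{C}_2$ are equally powerful, or equipollent, ($\mathcal{C}_1 \equiv \mathcal{C}_2$) if $\mathcal{C}_1 \le \mathcal{C}_2$, and $\mathcal{C}_2 \le \mathcal{C}_1$.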


2.1.6  Isomorphism 

Intuitively, saying that two schemas are isomorphic means that they perform their computations in the same fashion. This differs from equivalence which says that two schemas always produce the same output even though they might perform their computations by quite different algorithms; for example, one schema might be more efficient than another as far as the number of operations is concerned.

Several notions of isomorphism can be defined. We consider some of these possibilities informally before presenting our definition. The strongest notion, of course, is the identity relation between schemas. A weaker definition (call it $N_1$) is that two schemas are isomorphic if both compute exactly the same statements (i.e., statements that look the same) in the same order, for each interpretation. Under this notion, if the roles of two variables are interchanged the schemas are not $N_1$-isomorphic, as in the case of the two schemas $S_f$, $S_g$ below:

S_f:  START ⟨y1,y2⟩ ← ⟨a,a⟩;        S_g:  START ⟨y1,y2⟩ ← ⟨a,a⟩;
      y1 ← f(y2);                          y2 ← f(y1);
      HALT(y1)                             HALT(y2).

A weaker notion (call it $N_2$) is that two schemas are isomorphic if the same terms are computed (in the same order). Thus the schemas $S_f$, $S_g$ above are $N_2$-isomorphic because both compute the term $f(a)$ only. But the schemas $S_h$, $S_i$ below are not $N_2$-isomorphic:

S_h:  START y ← a;        S_i:  START y ← a;
      y ← fg(y)                  y ← g(y);
      HALT(y)                    y ← f(y);
                                 HALT(y)

because $S_h$ computes $fg(a)$ and $S_i$ computes first $g(a)$, and then $fg(a)$. A weaker notion ($N_3$) breaks down the computation of terms into its constituent parts making $S_h$, $S_i$ $N_3$-isomorphic, but not $S_j$, $S_k$ below:

S_j:  START y ← a;                    S_k:  START y ← a;
      if y = b then y ← f(a);               if y = b then y ← f(b);
      HALT(y)                               HALT(y)

The definition given below is a still weaker (and to us, a more reasonable) definition that operates on elements of the interpretation rather than on terms. It should be stated, however, that the decidability and undecidability results of the next chapter remain unchanged if any of the notions $N_1$, $N_2$, or $N_3$ is substituted instead.

Definition. Given a schema $S$ and an interpretation $I$ for $S$. Let Seq$(S,I)$ denote the (possibly infinite) sequence of vectors of the form

$\langle f, e_1, \ldots, e_k\rangle$, where $f$ is a $k$-ary function symbol,

$\langle p, e_1, \ldots, e_k\rangle$, where $p$ is a $k$-ary predicate symbol,

$\langle =, e_1, e_2\rangle$,

$\langle \text{HALT}, e_1\rangle$, or

$\langle \text{LOOP}\rangle$

where the $e_i$'s are elements in the domain of $I$, that are evaluated during the computation of $S$ on $I$.

For example, if for the schema $S_j$ above, $I$ is over the domain $\{1,0,2,\ldots\}$, $a = b = 0$, and $f$ is the "add-one" function, then Seq$(S_j,I)$ = $(\langle =,0,0\rangle, \langle f,0\rangle, \langle \text{HALT},1\rangle)$ = Seq$(S_k,I)$.




Definition. Two schemas $S_1$ and $S_2$ are isomorphic (denoted $S_1 \sim S_2$ or $S_1 \equiv_{\text{isom}} S_2$) if for every interpretation $I$, Seq$(S_1,I)$ = Seq$(S_2,I)$.

It  is  obvious  from  the  definition  that  if  two  schemas  are  isomorphic 
then  they  are  equivalent.  The  converse,  of  course,  is  not  true. 

2.1.7  Herbrand  Schemas 

Definition.  Given  a  set  of  function  symbols  (containing  at  least  one 
zero-ary  symbol)  and  predicate  symbols,  a  Herbrand  interpretation  on  the 
set  is  defined  as  follows:  the  domain  is  the  set  of  (fully  parenthesized) 
constant  terms  using  the  function  symbols;  the  functions  are  defined  in 
the  usual  way  for  terms,  and  predicates  are  arbitrary. 

An example may help clarify the definition. Given the set of symbols $\{a, f, g, p\}$ where $a$ is a zero-ary function symbol, $f$ and $g$ are unary function symbols, and $p$ is a unary predicate symbol, a Herbrand interpretation for this set has the infinite domain
{"a", "f(a)", "g(a)", "f(f(a))", "f(g(a))", ...}
where, for example, by "f(a)" we mean the term $f(a)$ itself, consisting of a string of four symbols: "f", "(", "a", and ")". In the interpretation, the value of the function $f$ applied, for example, to the element "f(a)" is the element "f(f(a))", and similarly for $g$. The value of $p$ applied to any element in the domain can be arbitrarily true or false.

Definition. Given an interpretation $I$ over a set of function and predicate symbols, the Herbrand interpretation $I^H$ corresponding to $I$ is a Herbrand interpretation whose predicates are defined as follows: if $p$ is a $k$-ary predicate symbol, and $\tau_1, \tau_2, \ldots, \tau_k$ are (fully-parenthesized) constant terms, then $p(\tau_1, \tau_2, \ldots, \tau_k)$ is true in $I^H$ if and only if it is true in $I$.

As an example, consider the set of symbols $\{a, f, g, p\}$, and let $I$ be an interpretation with domain $\{0,1\}$ such that $a = 0$, $f(x) = x$, $g(x) = 1-x$, and $p(x)$ is true for $x = 0$ and false for $x = 1$. Then $I^H$ is over the infinite domain mentioned above, and p("a"), p("f(a)"), p("g(g(a))") etc., are true, and p("g(a)"), p("f(g(a))") etc., are false. In general, $p(y)$ is true if $y$ has an even number of $g$'s.

Definition. An uninterpreted schema $S$ is said to be a Herbrand schema if for every interpretation $I$ for $S$, Path$(S,I)$ = Path$(S,I^H)$.

In  Chapter  b  this  definition  is  extended  to  interpreted  schemas 
as  well. 

Definition.  An  inherently  non-Herbrand  schema  is  a  non-Herbrand 
schema  for  which  there  is  no  equivalent  Herbrand  schema. 

Examples  are  given  below  (schemas  -  Sq  ). 

The following simple but very useful theorem indicates why the notion of Herbrand schemas is useful. We say that a schema $S$ is free on a set of interpretations $\mathcal{J}$ if for every path in $S$ there is some interpretation in $\mathcal{J}$ on which the computation follows that path; a schema $S$ halts (or diverges) on $\mathcal{J}$ if it halts (diverges) for every interpretation in $\mathcal{J}$; we say that $S_1 \le S_2$ on $\mathcal{J}$ if for every $I \in \mathcal{J}$, if Val$(S_1,I)$ is defined then Val$(S_1,I)$ = Val$(S_2,I)$; and similar definitions apply for equivalence and isomorphism. We use $\mathcal{H}$ to denote the class of Herbrand interpretations.


Theorem 2.2 (Fundamental theorem of Herbrand schemas)

If $S_1$ and $S_2$ are uninterpreted Herbrand schemas then

(a) $S_1$ halts if and only if $S_1$ halts on $\mathcal{H}$,

(b) $S_1$ diverges if and only if $S_1$ diverges on $\mathcal{H}$,

(c) $S_1 \equiv S_2$ if and only if $S_1 \equiv S_2$ on $\mathcal{H}$,

(d) $S_1 \le S_2$ if and only if $S_1 \le S_2$ on $\mathcal{H}$,

(e) $S_1 \sim S_2$ if and only if $S_1 \sim S_2$ on $\mathcal{H}$,

(f) $S_1$ is free if and only if $S_1$ is free on $\mathcal{H}$.

Parts  (a),  (b),  and  (f)  are  immediate  from  the  definition  of 
Herbrand  schemas;  and  part  (c)  follows  from  (d) .  For  proofs  of  (d) 
and  (e)  see  Section  2.1.9. 

We would now like to know what kinds of schemas are Herbrand schemas. The next theorem implies that it is the tests of equality that tend to make schemas non-Herbrand.


Theorem  2.3  (Schemas  without  equality  are  Herbrand) 

If  S  is  an  uninterpreted  schema  without  any  equality  test  then 
S  is  a  Herbrand  schema. 

Thus, the schemas in $\mathcal{C}(\,)$, $\mathcal{C}(n\ \text{var})$, $\mathcal{C}(\text{pds}, \text{q}, \text{list}, A)$, $\mathcal{C}(R)$, etc., are all Herbrand schemas. In general, however, it is not partially solvable if a given schema is a Herbrand schema. This follows directly from the fact (see, for example, Luckham, Park and Paterson [1970]) that the divergence problem for $\mathcal{C}(2\ \text{var})$ is not partially solvable. This is so because if we are given a schema $S \in \mathcal{C}(2\ \text{var})$ and we replace all halt statements in $S$ by

if a = b then HALT(y) else HALT(y)

(where $a$, $b$ are zero-ary functions not present in $S$) to get a schema in $\mathcal{C}(2\ \text{var}, =)$, call it $S'$, then $S'$ is a Herbrand schema if and only if $S$ diverges.

Examples. Consider the schema below:

S_l:  START y ← a1;
      if a1 = a2 then HALT(y) else LOOP.

This is a non-Herbrand schema because for every Herbrand interpretation $a_1 \ne a_2$, though $a_1$ can equal $a_2$ for some non-Herbrand interpretations. In fact, $S_l$ is an inherently non-Herbrand schema, because if there is a Herbrand schema, say $S_l'$, equivalent to $S_l$, then $S_l'$ loops for all Herbrand interpretations. But consider an interpretation $I$ for which $S_l$ halts, then $S_l'$ too must halt for $I$, and hence must also halt for the Herbrand interpretation corresponding to $I$ (since $S_l'$ is a Herbrand schema by hypothesis), a contradiction.
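
The difference between Path(S, I) and Path(S, I^H) can be checked mechanically. The Python sketch below is an added example, not part of the original text; the tuple encoding of flowchart statements and the names `herbrand`, `path` and `same_path_on` are assumptions made for the illustration. It runs the equality-test schema above (START y ← a1; if a1 = a2 then HALT(y) else LOOP) and the while-schema S_c on an interpretation and on the corresponding Herbrand interpretation.

```python
# Added example (not from the original text): compare Path(S, I) with Path(S, I^H).
# Terms are nested tuples ("f", arg, ...); a bare string is a schema variable.

def herbrand(I):
    """Herbrand interpretation I^H corresponding to I.

    Domain elements are constant terms, each function builds the term it is
    applied to, and each predicate takes the truth value it has in I.
    """
    def value_in_I(term):
        name, *args = term
        return I["funcs"][name](*(value_in_I(t) for t in args))

    funcs = {f: (lambda *args, f=f: (f, *args)) for f in I["funcs"]}
    preds = {p: (lambda *args, p=p: I["preds"][p](*(value_in_I(t) for t in args)))
             for p in I["preds"]}
    return {"funcs": funcs, "preds": preds}


def evaluate(term, env, I):
    """Value of a term under interpretation I and variable assignment env."""
    if isinstance(term, str):
        return env[term]
    name, *args = term
    return I["funcs"][name](*(evaluate(t, env, I) for t in args))


def path(schema, I, max_steps=50):
    """Path of the computation of a flowchart schema on I, cut off after
    max_steps statements so that divergent computations still return."""
    env, pc, trace = {}, 0, []
    for _ in range(max_steps):
        stmt = schema[pc]
        kind = stmt[0]
        if kind == "assign":                  # ("assign", var, term, next)
            _, var, term, nxt = stmt
            env[var] = evaluate(term, env, I)
            trace.append(pc)
            pc = nxt
        elif kind == "test":                  # ("test", pred, term, if_true, if_false)
            _, pred, term, if_true, if_false = stmt
            outcome = bool(I["preds"][pred](evaluate(term, env, I)))
            trace.append((pc, outcome))
            pc = if_true if outcome else if_false
        elif kind == "eq":                    # ("eq", term1, term2, if_true, if_false)
            _, left, right, if_true, if_false = stmt
            outcome = evaluate(left, env, I) == evaluate(right, env, I)
            trace.append((pc, outcome))
            pc = if_true if outcome else if_false
        else:                                 # ("halt", var) or ("loop",)
            trace.append(pc)
            break
    return trace


def same_path_on(schema, I, max_steps=50):
    """True if the schema follows the same path on I and on I^H.
    A False result for any single I shows the schema is not Herbrand."""
    return path(schema, I, max_steps) == path(schema, herbrand(I), max_steps)


# START y <- a1; if a1 = a2 then HALT(y) else LOOP
S_EQ = [("assign", "y", ("a1",), 1),
        ("eq", ("a1",), ("a2",), 2, 3),
        ("halt", "y"),
        ("loop",)]

# S_c: START y <- a; while p(y) do y <- f(y); HALT(y)
S_C = [("assign", "y", ("a",), 1),
       ("test", "p", "y", 2, 3),
       ("assign", "y", ("f", "y"), 1),
       ("halt", "y")]

# Constructed interpretations: a1 and a2 name the same element; a counter.
I_EQ = {"funcs": {"a1": lambda: 0, "a2": lambda: 0}, "preds": {}}
I_COUNT = {"funcs": {"a": lambda: 0, "f": lambda x: x + 1},
           "preds": {"p": lambda x: x < 3}}
# The interpretation of the earlier example: a = 0, f(x) = x, g(x) = 1 - x.
I_PAGE = {"funcs": {"a": lambda: 0, "f": lambda x: x, "g": lambda x: 1 - x},
          "preds": {"p": lambda x: x == 0}}

if __name__ == "__main__":
    print(path(S_EQ, I_EQ))               # takes the true exit: a1 = a2 in I
    print(path(S_EQ, herbrand(I_EQ)))     # takes the false exit: distinct terms
    print(same_path_on(S_C, I_COUNT))     # no equality test, same path
```

A mismatch on one interpretation is enough to show a schema is not Herbrand; agreement on one interpretation proves nothing by itself, since the definition quantifies over every interpretation.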


However, the use of equality tests does not necessarily make a schema inherently non-Herbrand, or even non-Herbrand. $S_m$ is a Herbrand schema that uses equality tests. It is equivalent to a (Herbrand) schema without any equality tests ($S_n$) and also to a non-Herbrand schema ($S_q$) with equality tests:

S_m:  START ⟨y1,y2⟩ ← ⟨a,a⟩;
      L: if p(y1) then
            if p(y2) then
               begin y1 ← f(y1);
                     y2 ← f(y2);
                     goto L;
               end
            else if y1 = a then HALT(y) else LOOP
         else if y1 = y2 then HALT(y) else LOOP.

S_n:  START y ← a;
      L: if p(y) then
            begin y ← f(y);
                  goto L
            end
         else HALT(y).

S_q:  START y ← a;
      L: if p(y) then
            if y = f(y) then LOOP
            else begin y ← f(y);
                       goto L;
                 end
         else HALT(y).


Given a (fully parenthesized) term $\tau$, let $[\tau]$ denote the string $\tau$ with all parentheses and all zero-ary function symbols removed.

For example, $[f(g(f(a)))] = fgf$.

Definition. Given a schema $S$, let $\mathcal{H}$ denote the set of Herbrand interpretations for $S$, then the value language $L(S)$ of the schema $S$ is defined by

$L(S) = \{[\tau] \mid \exists H \in \mathcal{H},\ \text{Val}(S,H) = \tau\}$.

For example, the value language of the recursive schema $S_p$ is $L(S_p) = \{xx^R \mid x \in \{f,g\}^*\}$ where $x^R$ means the reverse of the string $x$.

S_p:  F0 <= F1(a);
      F1(y) <= if p(y) then y else F2(y);
      F2(y) <= if q(y) then fF1f(y) else gF1g(y);
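
The value language of S_p can be enumerated by running the schema on Herbrand interpretations chosen one per halting computation. The Python sketch below is an added example, not from the original text; `val_Sp`, `bracket`, `herbrand_for` and `value_language_upto` are names chosen for the illustration, and a fuel counter stands in for a computation that does not halt.

```python
# Added example (not from the original text): part of the value language L(S_p).
from itertools import product

A = ("a",)                      # the zero-ary term a; ("f", t) stands for f(t)


def val_Sp(p, q, fuel=200):
    """Val(S_p, H) for the Herbrand interpretation H with predicates p, q
    (functions from terms to bool). Returns None when the fuel runs out,
    which stands in for a computation that does not halt."""
    def F1(y, fuel):
        # F1(y) <= if p(y) then y else F2(y)
        if p(y):
            return y
        return F2(y, fuel - 1) if fuel > 0 else None

    def F2(y, fuel):
        # F2(y) <= if q(y) then f F1 f(y) else g F1 g(y)
        sym = "f" if q(y) else "g"
        inner = F1((sym, y), fuel)
        return None if inner is None else (sym, inner)

    return F1(A, fuel)


def bracket(term):
    """[t]: the term with parentheses and zero-ary symbols removed."""
    out = []
    while len(term) == 2:
        out.append(term[0])
        term = term[1]
    return "".join(out)


def depth(term):
    """Number of unary function applications in a monadic term."""
    return len(bracket(term))


def herbrand_for(word):
    """Predicates of a Herbrand interpretation on which S_p descends along
    `word`: q picks the next letter, p first becomes true at depth len(word)."""
    p = lambda t: depth(t) >= len(word)
    q = lambda t: depth(t) < len(word) and word[depth(t)] == "f"
    return p, q


def value_language_upto(n):
    """Strings of L(S_p) produced by computations that call F2 at most n times."""
    words = ("".join(w) for k in range(n + 1) for w in product("fg", repeat=k))
    return {bracket(val_Sp(*herbrand_for(w))) for w in words}


if __name__ == "__main__":
    print(sorted(value_language_upto(2), key=lambda s: (len(s), s)))
```

Every string produced has the form x followed by its reverse, matching the description of L(S_p) given above.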

Theorem  2.4  (Value  languages  are  r.e.) 

The value language of any schema $S$ (that admits all the Herbrand interpretations) is recursively enumerable.

The proof is quite simple, and is given in Section 2.1.9.

Value languages have been studied mostly for monadic schemas. They can be used to prove theorems regarding the power of classes of schemas. The following lemma is a slight generalization of one given by Garland and Luckham [1971].

Theorem 2.5 (Basic theorem of value languages)

For uninterpreted schemas $S_1$, $S_2$, if $S_1 \le S_2$ then $L(S_1) \subseteq L(S_2)$.

The proof is trivial, for if $L(S_1) \not\subseteq L(S_2)$ then there is a string $x \in L(S_1)$ such that $x \notin L(S_2)$. Now, consider any Herbrand interpretation $H$ for $S_1$ for which $[\text{Val}(S_1,H)] = x$, then $[\text{Val}(S_2,H)] \ne x$ because $x \notin L(S_2)$, and hence $S_1 \not\le S_2$.

Note that this theorem holds whether or not the schemas $S_1$, $S_2$ are Herbrand schemas.

Corollary 2.6. For schemas $S_1$, $S_2$, if $S_1 \equiv S_2$ then $L(S_1) = L(S_2)$.

This is usually used to prove the negative result: given two classes $\mathcal{C}_1$ and $\mathcal{C}_2$ of uninterpreted schemas such that for some $S_1 \in \mathcal{C}_1$ there is no $S_2 \in \mathcal{C}_2$ for which $L(S_1) = L(S_2)$ then we can conclude that $\mathcal{C}_1 \not\le \mathcal{C}_2$.

2.1.9  Discussion  and  Proofs 

2.1.9.1 On the Treatment of Equality

In  our  treatment,  equality  is  viewed  as  a  basic  construct  in  schemas, 
on  par  with  others  like  assignments,  goto  statements  (in  flowchart 
notation,  the  arrows  leading  from  one  statement  to  another)  or  the  use 
of  more  than  one  variable  in  schemas. 

Alternatives have been suggested, but our approach seems to be the most natural. One alternative is to treat equality as just another (diadic) base predicate, call it $p_{=}$. Then, a test like $\tau_1 = \tau_2$ is viewed as just a notation for the strict form $p_{=}(\tau_1,\tau_2)$. However, the schema is no longer uninterpreted, but every interpretation must satisfy the formula $\forall x \forall y\ p_{=}(x,y) \equiv (x = y)$. In other words, $p_{=}$ is treated as pseudo-equality. The problem is that the equivalence of partially interpreted schemas has to be defined (it is not desirable to define it for the special cases where zero or one of the predicates is pseudo-equality). The definition of Section 2.1.5 (i.e., $S_1$ and $S_2$ are equivalent if $\forall I$ if $S_1$ admits $I$, and $S_2$ admits $I$ then Val$(S_1,I)$ = Val$(S_2,I)$) is inadequate because it is not transitive in general. Equivalence is defined in Chapter 4 for partially interpreted schemas (it is based on the alternative definition given in Section 2.1.5).

If this definition is used, we would find that the trivial schemas $S_1$ and $S_2$ below are not equivalent using the $p_{=}$ formalism, while clearly we would like to say that they are indeed equivalent. In fact we would find that the uninterpreted schema $S_2$ is a "generalization" (see Section 4.3) of $S_1$ because more interpretations are allowed for $S_2$ than for $S_1$. It may be noted that $S_1$ and $S_2$ are equivalent in our formalism.

S_1:  START y ← a1;
      if a1 = a2 then HALT(a1) else HALT(a2).

S_2:  START y ← a1;
      HALT(a2).

Another approach that has been suggested is to treat equality as just a (diadic) base predicate, say $q_{=}$. The schema is to be partially interpreted, with $q_{=}$ being an equivalence relation also satisfying substitutivity; i.e., if $f_1, f_2, \ldots, f_r$ and $p_1, p_2, \ldots, p_s$ are the other base functions and predicates in a schema with ranks $i_1, \ldots, i_r$ and $j_1, \ldots, j_s$ respectively (let $k$ be the maximum of these), then every interpretation for the schema is to satisfy the formula $\varphi$, where

$$
\begin{aligned}
\varphi \text{ is } \forall x_1 \forall x_2 \forall x_3 \;\; & q_{=}(x_1,x_1) \\
\wedge\; & q_{=}(x_1,x_2) \rightarrow q_{=}(x_2,x_1) \\
\wedge\; & q_{=}(x_1,x_2) \wedge q_{=}(x_2,x_3) \rightarrow q_{=}(x_1,x_3) \\
\wedge\; & (q_{=}(x_1,y_1) \wedge \ldots \wedge q_{=}(x_k,y_k)) \rightarrow \\
& \quad \big( q_{=}(f_1(x_1,\ldots,x_{i_1}),\ f_1(y_1,\ldots,y_{i_1})) \\
& \quad \wedge \ldots \\
& \quad \wedge q_{=}(f_r(x_1,\ldots,x_{i_r}),\ f_r(y_1,\ldots,y_{i_r})) \\
& \quad \wedge p_1(x_1,\ldots,x_{j_1}) \equiv p_1(y_1,\ldots,y_{j_1}) \\
& \quad \wedge \ldots \\
& \quad \wedge p_s(x_1,\ldots,x_{j_s}) \equiv p_s(y_1,\ldots,y_{j_s}) \big).
\end{aligned}
$$

This approach "works" for the introduction of equality in, say, first order predicate calculus where the property of interest is the validity of formulas: a formula $\psi$ with equality is valid (satisfiable) if and only if $\psi' \wedge \varphi$ is valid (satisfiable) where $\psi'$ is obtained from $\psi$ by substituting $q_{=}$ for equality. Unfortunately, this approach does not seem to be viable for schemas, where the equivalence of schemas should be preserved on replacement of equality by $q_{=}$. Observe that the schemas $S_1$ and $S_2$ are not equivalent if $a_1 = a_2$ is replaced by $q_{=}(a_1,a_2)$ in $S_1$, because it is possible for $a_1$ and $a_2$ to be distinct elements even if $q_{=}(a_1,a_2)$ is true, i.e., the outputs of $S_1$ and $S_2$ are not the same. Of course, the outputs are equivalent under the relation $q_{=}$ for every interpretation, but as mentioned, equivalence of schemas should be defined for some general class and not for a special case where there is one equivalence relation.

Why all this discussion on equality? It goes back to the basic
question  "what  is  a  program  schema" .  The  intuitive  notion  is  that  of 
a  machine  that  computes  on  uninterpreted  (or  partially  interpreted) 
domains,  as  against  "real"  computations  on  interpreted  domains.  One  aim 
of  the  study  is  to  present  stable  (or  "maximal")  classes  of  machines 
similar  to  the  Turing  machines  for  real  computations.  What  properties 
should  schemas  possess?  As  with  real  computations,  the  requirements 
of  finiteness,  nonrandomness,  and  discreteness  seem  reasonable  --  see 
e.g.  Rogers  [1967].  In  addition  we  may  require  the  following: 

(1)  first  order  functions  and  predicates; 

(2)  total  functions  and  predicates; 

(3)  the  computation  of  a  schema  should  be  fully  characterized  by  an 
interpretation  (and  the  inputs,  if  any); 

(4)  computations  on  isomorphic  interpretations  must  be  the  "same" 
for  any  one  schema; 

(5)  in  any  one  step  a  schema  should  be  able  to  "look  at"  at  most  a 
finite  number  of  elements  of  the  domain  of  the  interpretation. 

Of  course,  one  may  relax  any  of  these  conditions  to  study  what  classes 
of  machines  are  obtained.  In  Chapter  U  we  introduce  a  class  of  schemas 
having  all  the  above  properties.  In  addition,  a  slightly  stronger  version 
of  (3)  above  is  used:  the  computation  of  a  schema  is  fully  characterized 
by  the  values  of  the  functions  and  predicates  applied  to  the  reachable 
elements  in  the  domain  —  the  set  of  reachable  elements  is  the  smallest 
set  (containing  the  inputs,  if  any,  and)  closed  under  function 
applications. In this class of schemas we obtain a maximal subclass for the uninterpreted schemas, and a maximal subclass for the uninterpreted Herbrand schemas (i.e., schemas whose computation is the same for any interpretation and its corresponding free interpretation), and as may be expected, the use or the non-use of equality plays a crucial role in distinguishing the subclasses.


2.1.9.2 Proof of Theorem 2.1 (Redundant functions and predicates)

Proof of the Theorem

Given uninterpreted schemas $S$, $S_1$ such that $S \equiv S_1$, then there is a schema $S_2$ equivalent to $S$, having no function or predicate symbol other than those in both $S$ and $S_1$, and having exactly the same features as $S_1$.

Proof. Firstly, if there is no zero-ary function symbol common to both $S$ and $S_1$ then both must diverge for all interpretations because if not, consider the interpretations for $S$ and $S_1$: as the sets of terms generated by $S$ and $S_1$ are mutually disjoint, if $S$ halts on any interpretation then it halts on one in which the reachable elements of $S$ and of $S_1$ are disjoint, and for this interpretation the output of $S_1$ can never equal that for $S$. So in this case the construction of $S_2$ is trivial.

Now, if $S$ and $S_1$ have a common zero-ary function, say $a$, then we obtain $S_2$ from $S_1$ as follows: if $f$ is any ($k$-ary) function in $S_1$ and not in $S$, then replace any term of the form

$f(\tau_1, \ldots, \tau_k)$ by $a$,

and if $p$ is any ($k$-ary) predicate of $S_1$ not in $S$, then replace any atomic formula

$p(\tau_1, \ldots, \tau_k)$ by true.

Now, to prove that $S \equiv S_2$, let $I$ be any interpretation for $S$ and $S_2$. We change $I$ to $I'$ by first deleting all functions and predicates of $\Sigma(S_1) - \Sigma(S_2)$ from $I$ (if any), and then adding the functions and predicates of $\Sigma(S_1) - \Sigma(S_2)$ as follows: the value of each new function $f$ applied to any set of elements in the domain is "a", and all new predicates are "true" for all arguments. Clearly, Val$(S,I')$ = Val$(S,I)$ and Val$(S_2,I')$ = Val$(S_2,I)$ because the functions and predicates of $\Sigma(S_1) - \Sigma(S_2)$ do not appear in $S$ or $S_2$. Also, on $I'$, the computations of $S_1$ and $S_2$ are identical, and hence Val$(S,I')$ = Val$(S_1,I')$ = Val$(S_2,I')$. This gives the desired result, i.e., Val$(S,I)$ = Val$(S_2,I)$.

Redundant functions and predicates with preservation of freedom

Given a schema $S$ and a flowchart schema $S_1$ ($S_1 \in \mathcal{C}(=)$) equivalent to $S$, then there exists another flowchart schema $S_2$ also equivalent to $S$ having the same features as $S_1$ and no base functions or predicates other than those in both $S$ and $S_1$, such that $S_2$ is free if and only if $S_1$ is free. But $S_2$ cannot be effectively found, in general.

Proof. $S \equiv S_1$, $S_1 \in \mathcal{C}(=)$. We first construct a flowchart schema $S_1'$ equivalent to $S$ and having no base functions and predicates other than those in $S$, such that $S_1'$ is free if $S_1$ is free (but it may also be free if $S_1$ is not).

The idea behind the construction is similar to that in the proof of the theorem. The application of any new predicate $p$ ($p$ is in $S_1$, but not in $S$) yields "true", and the value of any new function $f$ is a special element we call "bad". The schema $S_1'$ simulates the computation of $S_1$, keeping track of all "bad" variables. $S_1'$ can be described as follows. It has $2^n 3^m$ "copies" of $S_1$, where $n$ is the number of data variables, and $m$ is the number of boolean variables. Each data variable can be good, or bad, each boolean variable can be good, bad-true, or bad-false. If in $S_1$ there is an assignment

$y_i \leftarrow \tau$ or $z_i \leftarrow \alpha$

where $\tau$ (or $\alpha$) contains a bad value (for some copy in $S_1'$) or a new predicate, then this assignment is not made (in that copy), but the variable becomes bad, i.e., $S_1'$ transfers to the appropriate next statement. Further, if $z_i$ becomes bad, the value it takes is governed by the rule that any predicate on the value "bad" is true, and "bad = bad" yields true, but "bad = good" yields false (where "good" stands for some term that is not bad). The same applies to any bad test: the test is not actually made, but the appropriate exit is assumed.

Now it is easy to see that $S_1' \equiv S_1$. The proof is very similar to the proof for the theorem (above).

Further, $S_1'$ is free if $S_1$ is free. Suppose $S_1'$ is not free. Then there is some path from the start statement to a test such that the outcome of the test is predetermined by the path. But as $S_1'$ makes tests only on (constant) terms that can only be obtained by applications of functions of $S$, we see that in the corresponding path in $S_1$, any computation following this path must take the same exit. This is so because (a) any interpretation of the form having the "bad" element appended, must take the same exit, and (b) for any interpretation $I$, we can obtain the corresponding interpretation $B$ with a "bad" element, such that if $I$ follows the path, then its exit is the same as that of $B$.

Now, if the given schema $S_1$ is free, then $S_1'$ is the required schema $S_2$, otherwise to obtain $S_2$ we can simply append to the beginning of $S_1'$ some trivial tests to force it to be non-free. □

Unsolvability  of  the  translation 

Our translation was not effective because in the last step the
decision as to whether S1 is free or not was not effective.

We will prove that the translation to S2 is not solvable in
general in a very informal way. We use Paterson's proof [1967] of the
unsolvability of freedom and convert it to the unsolvability of freedom
for schemas in C(1 var, =) by using the method of simulating two
variables with only one presented in the proof of Theorem 3.3. The
resulting class (call it C') has schemas with no predicate, one
zero-ary function a, and unary functions, one of which is called f.
There is a single variable y which, at intervals, takes values
a, f(a), ff(a), fff(a), ... .

We will change this class somewhat to C'' by adding a unary
predicate p, and whenever in a schema S' ∈ C' the variable y has
value f^i(a) in the above sequence, the new schema S1 makes a test
p(y). If p(y) is false, the schema S1 halts, otherwise it continues
like S'. In addition, any halt or loop statement in S' is replaced
by a cycle that tests

p(f^i(a)), p(f^(i+1)(a)), p(f^(i+2)(a)), ...

such that S1 halts if any of them is false. Now, S1 is free if and
only if S' is free, and hence the freedom problem for this new class
is unsolvable. But each schema S1 in this class C'' is equivalent
to the schema S:

S = START y ← a;
    while p(y) do y ← f(y);
    HALT(y).

Hence, if our desired schema S2 exists, it must have one variable y,
functions a and f, and predicate p. But the freedom problem for
such a class of schemas can be shown to be solvable. We do not give a
rigorous proof here, but only indicate it.

Given a flowchart schema S with only a zero-ary function a,
one unary function f, and one unary predicate p, to show that the
freedom problem for S is solvable we observe that without loss of
generality we can assume that every circular path (cycle) in S must
have at least one predicate or equality test.

Now, if any reset (i.e., y ← f^i(a)) appears in a cycle, then S
must be nonfree, for the same test would be made twice (with the same
value for y) by going around the loop.

Secondly, if after the "true" exit from any equality test (i.e.,
f^i a = f^j a, f^i a = f^j y, or f^i y = f^j y) there is a cycle, then the
schema must be nonfree because either the false exit can never be taken,
or else there are only a finite number n of distinct elements in
a, fa, f^2 a, f^3 a, ..., and hence by going around the cycle n+1 times some
test would be made twice.

Now,  if  the  schema  S  is  not  obviously  nonfree  by  the  above 
criteria  then  we  can  determine  whether  or  not  it  is  free  by  constructing 
a  finite  state  automaton  that  accepts  all  input  tapes  unless  the  schema 
is  nonfree.  We  use  the  terminology  in  the  proof  of  Theorem  3.1. 

The  input  tape  of  the  automaton  represents  a  path  through  the  schema. 
The  first  symbol  specifies  all  resets  the  path  goes  through,  and  true 
exits  from  equality  tests.  Subsequent  symbols  update  each  of  these 
subpaths  starting  from  the  resets  and  true  exits.  The  automaton  simulates 
the  computation  of  all  possible  interpretations  simultaneously  along  all 
these subpaths (except for any true exit from a f^i y = f^j y test, which
is simulated when computation reaches that statement). Note that the
number of equivalence classes of all interpretations remains bounded.
The  input  tape  is  accepted  unless  it  represents  a  valid  path  which 
cannot  be  traced  by  an  interpretation. 


Hence, if we could find S2 effectively, we would have converted an
unsolvable  problem  into  a  solvable  one  -  a  contradiction. 

□ 


2.1.9.3 Proof of Theorem 2.2 (Fundamental theorem of Herbrand schemas)

For  Herbrand  schemas,  the  notions  of  (a)  halting,  (b)  divergence, 
(c)  equivalence,  (d)  inclusion,  (e)  isomorphism,  and  (f)  freedom, 
for  all  interpretations,  are  equivalent  to  the  same  notions  for  the 
Herbrand  interpretations. 


Proof. (Informal) (a), (b), (f) These are immediate from the
definition of Herbrand schemas.

(c) This follows directly from (d) below.

(d) The "only if" part is trivial. For the "if" part, assume it is
false. Then S1 ≤ S2 on the Herbrand interpretations, but there is some
interpretation I such that S1 halts on I and S2 does not halt with the
same value. Now, consider the Herbrand interpretation H corresponding
to I. As S1 is a Herbrand schema, S1 halts on H.

(i) If Val(S2,I) is undefined then so is Val(S2,H), as S2 is a
Herbrand schema, and hence S1 ≰ S2 on the Herbrand interpretations
-- a contradiction.

(ii) S2 halts on I, and hence it also halts on H, and
Val(S1,H) = Val(S2,H), but Val(S1,I) ≠ Val(S2,I). We show that
this is impossible by considering the (natural) homomorphism
θ : H → I from H onto the reachable elements in I (i.e.,
elements that can be expressed in constant terms). Then, we see
by induction on the number of steps in the computation that at
each step the values of variables in the computations of S1 on H
and I correspond with respect to θ ("variables" includes
arrays, stacks, queues, counters, etc., and recursion is also
handled -- and θ is extended to be the identity function over
elements, like integers, that are not in the domain of H), and
similarly for S2. Then we have θ(Val(S1,H)) = Val(S1,I), and
θ(Val(S2,H)) = Val(S2,I), but Val(S1,H) = Val(S2,H), and hence
Val(S1,I) = Val(S2,I) -- a contradiction.

(e)  The  "only  if"  part  is  trivial,  and  the  "if"  part  follows  on  lines 
very  similar  to  the  proof  of  inclusion:  if  it  is  false  then  there  must 
be a counterexample, say for an interpretation I, and Seq(S1,I) and
Seq(S2,I) do not agree after some finite number of steps, but
Seq(S1,H) = Seq(S2,H) and values of variables correspond at each step
for  computations  on  I  and  H  --  which  yields  a  contradiction. 


2.1.9.4 Proof of Theorem 2.3 (Schemas without equality are Herbrand)

Schemas  that  have  no  equality  tests  are  Herbrand  schemas. 

Proof.  (Informal)  Assume  the  theorem  is  false.  Then  there  is  a 
schema  S  and  an  interpretation  I  for  S  (let  the  corresponding 
Herbrand  interpretation  be  H  )  such  that  the  paths  of  the  computations 
of S on I and on H are different. Then they must first be different
after  a  finite  number  of  steps  k  .  Then  as  in  the  proof  of  Theorem  2.2  (d), 
the  values  of  variables  in  the  two  computations  correspond  for  k-1 
steps,  and  the  k-th  step  must  be  a  predicate  test  (since  it  must  be  a 
test,  and  tests  on  booleans  yield  the  same  value,  and  tests  of  equality 
are  forbidden) .  But  the  outcome  of  the  predicate  test  must  be  the  same 
in  both  computations  (by  the  definition  of  H  corresponding  to  I  )  -- 
a  contradiction. 

□ 


2.1.9.5 Proof of Theorem 2.4 (value languages are r.e.)

The value language of any schema S is recursively enumerable.

It is easy to see that given any finite path in S (starting
from the start statement) it is decidable whether or not the computation
of S on some Herbrand interpretation follows this path. Also, given
any path from the start statement to a halt statement, the output (for
Herbrand interpretations) is fixed by the path, that is, if H1, H2 are
two Herbrand interpretations on which the computations of S traverse
the same path, then Val(S,H1) = Val(S,H2).

We can now construct a partial recursive function from integers to
strings whose range is precisely the value language of S:

"Let n be the input. Generate the n-th finite path in S (by
any predefined ordering) and if it ends at a halt statement and
can be traversed by some Herbrand interpretation, then output
[Val(S,H)] where H is any such interpretation; otherwise
diverge."

This completes the proof. □

2.2 Value Languages of Schemas

In  this  section,  all  schemas  are  assumed  to  have  only  monadic 
functions  (zero-ary  and  unary)  and  arbitrary  n-ary  predicates,  unless 
otherwise  stated. 

2.2.1  Flowchart  Schemas 
Theorem  2.7 

The  value  languages  of  flowchart  schemas  (with  monadic  functions)  that 
are  free  on  the  Herbrand  interpretations  are  precisely  the  regular  sets. 

As  a  corollary,  the  value  languages  of  free  flowchart  schemas  with 
monadic  functions  and  no  equality,  are  regular  (see  Theorems  2.3  and  2.2f) . 

The  proof  is  given  in  Section  2.2.3.  It  can  be  shown  that  the  class 
of one-variable flowchart schemas (even with resets y ← a_i and boolean
variables,  but  without  equality)  can  be  translated  to  equivalent  free 
schemas  without  equality,  but  with  several  variables.  Then,  from  the 
proof  of  the  above  theorem  and  the  Corollary  2.6  we  have 

Theorem 2.8. The value languages of schemas of C(1 var) with monadic
functions, are the regular sets.


The  fact  that  all  regular  sets  can  in  fact  be  generated  is  implicit 
in  the  proof  given  for  the  previous  theorem  in  Section  2.2.3. 

From Theorem 2.7 it follows that the following schema Sa is
an inherently non-free schema, that is, it cannot be translated into an
equivalent free flowchart schema (without equality tests).

Sa: START (y1,y2) ← (a,a);
    while p(y1) do y1 ← f(y1);
    while p(y2) do begin y1 ← g(y1); y2 ← f(y2) end;
    HALT(y1).

The schema Sa is inherently non-free because L(Sa) = {g^n f^n | n ≥ 0},
which is not a regular language. Note that the comment after Theorem 2.1
is implicitly used here in the unstated assumption that any equivalent
free schema must have only monadic functions. However, Sa is indeed
equivalent to a free recursive schema, and Sb is an example.

Sb: F0 <= F1(a);
    F1(y) <= if p(y) then g(F1(f(y))) else y.

Theorems 2.7 and 2.8 do not apply to nonmonadic functions.
As an example, consider the schema Sc.

Sc: START y ← a;
    while p(y) do y ← f(y,y);
    HALT(y).

It has one variable, and it is free, but the value language L(Sc) is
{f^(2^n - 1) | n ≥ 0}, which is not even context free.
Theorem 2.9

The value languages of monadic schemas of C(2 var) are the
recursively enumerable sets.

This  is  a  slight  generalization  of  a  similar  theorem  due  to  Garland 
and  Luckham  [1971],  in  which  they  show  that  the  value  languages  of 
monadic  schemas  of  C{)  are  the  r.e.  sets. 

2.2.2  Recursive  Schemas 
Theorem  2.10 

The  value  languages  of  recursive  schemas  (with  monadic  functions) 
that  are  free  on  the  Herbrand  interpretations  are  precisely  the  context 
free  languages . 

As  a  corollary,  the  value  languages  of  free  recursive  schemas  with 
monadic  functions  and  no  equality,  are  context  free. 

The proof can be found in Section 2.2.3. It follows from this
that although the schema Sa in the previous section could be translated
into an equivalent free recursive schema (Sb), the schema Sd cannot,
for its value language is {f^n g^n f^n | n ≥ 0}, which is not context free.

Sd: START (y1,y2) ← (a,a);
    while p(y1) do y1 ← f(y1);
    while p(y2) do begin y1 ← g(y1); y2 ← f(y2) end;
    y2 ← a;
    while p(y2) do begin y1 ← f(y1); y2 ← f(y2) end;
    HALT(y1).

Theorem  2.11 

The value languages of schemas of C(R, 1 var) with monadic functions,
no resets, and no defined function inside atomic terms, are the context
free languages.

Note: an atomic term α is a predicate or equality term used in a
test (if α then ... else ...) or as a boolean argument. If in any
function definition F_i <= if α then (τ, α1, α2, ...) else (τ', α1', α2', ...),
i ≠ 0, the terms τ or τ' contain a zero-ary function a_j, we call
this a reset.

This theorem is a generalization of a similar theorem by Garland
and Luckham [1971], and the proof is presented in Section 2.2.3. This
theorem does not follow from Theorem 2.10 (as did Theorem 2.8 from
Theorem 2.7) because there exist one-variable recursive schemas that
cannot be made free. The following example, schema Se, is due to
Ashcroft, Manna, and Pnueli [1971].

Se: F0 <= F1(a);

Fl(y)  <=  if  p(y)  then  F^ffy)  else  y; 

F2(y) <= if q(y) then f(y) else y.

The  theorem  shows  that  the  schema  ,  for  example,  cannot  be  translated 
into  a  recursive  schema  with  one  variable  (and  satisfying  the  conditions 
of the Theorem 2.11).

From the general result of McCarthy [1962] that any schema in
C(n var) can be effectively translated into an equivalent schema of
C(R, n var), and using the Theorem 2.4 we have the following.

Corollary 2.12. The value languages of monadic schemas of C(R, 2 var)
are the recursively enumerable sets.

2.2.3 Proofs of Theorems on Value Languages
2.2.3.1 Proof of Theorem 2.7

The theorem states that the value languages of flowchart schemas
(with  monadic  functions)  that  are  free  on  the  Herbrand  interpretations, 
are  precisely  the  regular  sets. 
(1) We first show the easy part, that is, that all regular sets can
be generated. Given any regular set over Σ = {f1, f2, ..., fr}, we
consider the deterministic finite state automaton A that accepts the
regular set. Let its states be Q = {q0, q1, ..., qk} where q0 is the
start state, and F ⊆ Q is the set of final states, and the next-state
function is δ : Q × Σ → Q. We construct a flowchart schema S with
one variable which uses unary function symbols f1, f2, ..., fr,
a zero-ary function symbol a, and unary predicates p1, p2, ..., pr
(note: it would suffice to use log2(r) predicates, but this construction
is slightly simpler). We label statements L0, L1, ..., Lk in correspondence
with the states q0, q1, ..., qk of A. In addition there is one halt
statement L: HALT(y). The start statement in S is:

START y ← a; goto L0

Let d_{i,j} denote δ(q_i, f_j). Then for 0 ≤ i ≤ k the statements of
the schema are: if q_i ∈ F (i.e., a final state) then

L_i: if p1(y) then begin y ← f1(y); goto L_{d_{i,1}} end
     else if p2(y) then begin y ← f2(y); goto L_{d_{i,2}} end
     ...
     else if pr(y) then begin y ← fr(y); goto L_{d_{i,r}} end
     else goto L

and if q_i ∉ F then

L_i: ...
     else if pr(y) then begin y ← fr(y); goto L_{d_{i,r}} end
     else LOOP

Now, the schema S is clearly free, and the computation can reach any
statement L_i with value x (in the Herbrand domain) if and only if
the string [x] takes the automaton from the start state to state q_i
(recall that [x] denotes the string x with parentheses and unary
function symbols removed). Thus the value language for S equals the
given regular set.
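The construction in part (1), as an added Python example (not code from the thesis): it builds the schema from a DFA, runs it on Herbrand interpretations, and checks that the halting outputs are exactly the accepted words. The sample DFA, the tuple encoding of Herbrand terms (function symbols in application order, which is the order the automaton reads them) and all function names are assumptions made for the illustration.

```python
from itertools import product

HALT, LOOP, DIVERGE = "HALT", "LOOP", "DIVERGE"

def schema_from_dfa(states, alphabet, delta, start, finals):
    """One statement L_q per DFA state q: test p_1(y), ..., p_r(y) in order;
    the first true p_j performs y <- f_j(y) and jumps to L_delta(q, f_j).
    If no predicate is true: halt when q is final, LOOP otherwise."""
    stmts = {}
    for q in states:
        branches = [(j, f, delta[(q, f)]) for j, f in enumerate(alphabet)]
        stmts[q] = (branches, HALT if q in finals else LOOP)
    return {"start": start, "stmts": stmts}

def herbrand_for(word, alphabet):
    """Herbrand interpretation H_w (constructed): p_j(t) is true exactly when
    t spells a proper prefix of w and the next symbol of w is f_j."""
    def p(j, term):
        n = len(term)
        return n < len(word) and term == word[:n] and word[n] == alphabet[j]
    return p

def run(schema, p, max_steps):
    """Execute the schema on interpretation p. A term is the tuple of applied
    function symbols, () standing for the constant a.
    Returns (outcome, final term, whether any (predicate, term) test repeated)."""
    label, y = schema["start"], ()
    tested, repeated = set(), False
    for _ in range(max_steps):
        branches, otherwise = schema["stmts"][label]
        for j, f, target in branches:
            if (j, y) in tested:
                repeated = True          # a repeated test would witness non-freedom
            tested.add((j, y))
            if p(j, y):
                y, label = y + (f,), target
                break
        else:
            return otherwise, y, repeated
    return DIVERGE, y, repeated          # step budget exhausted

def words(alphabet, max_len):
    for n in range(max_len + 1):
        yield from product(alphabet, repeat=n)

def value_language(schema, alphabet, max_len):
    """Halting outputs of length <= max_len. Every halting run follows the
    same path as the run on H_w for its own output w, so the H_w suffice."""
    out = set()
    for w in words(alphabet, max_len):
        outcome, y, repeated = run(schema, herbrand_for(w, alphabet), len(w) + 2)
        assert not repeated
        if outcome == HALT:
            out.add(y)
    return out

def dfa_language(alphabet, delta, start, finals, max_len):
    out = set()
    for w in words(alphabet, max_len):
        q = start
        for f in w:
            q = delta[(q, f)]
        if q in finals:
            out.add(w)
    return out

# Constructed sample DFA: accepts words whose last two symbols are f, g.
ALPHABET = ("f", "g")
STATES, START, FINALS = (0, 1, 2), 0, {2}
DELTA = {(0, "f"): 1, (0, "g"): 0, (1, "f"): 1,
         (1, "g"): 2, (2, "f"): 1, (2, "g"): 0}
SCHEMA = schema_from_dfa(STATES, ALPHABET, DELTA, START, FINALS)

if __name__ == "__main__":
    same = value_language(SCHEMA, ALPHABET, 6) == dfa_language(
        ALPHABET, DELTA, START, FINALS, 6)
    print("value language equals DFA language up to length 6:", same)
```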

(2)  We  now  show  that  the  value  language  of  a  free  flowchart  schema 
(with  monadic  functions)  is  regular. 

Let S be a free flowchart schema, with variables y1, y2, ..., yn
and unary functions Σ = {f1, ..., fr}. Without loss of generality
we assume S has a single halt statement: HALT(y1). We label the
start statement, and all the assignment statements of S by
L0, L1, L2, ..., Lk. Let X_{i,j} denote the set of strings in Σ*
corresponding to the possible values of the variable y_j after
statement L_i is executed (on a Herbrand interpretation). In addition,
let X denote the set of strings corresponding to the possible
outputs — in other words, X is the value language.

We  will  now  demonstrate  a  set  of  recursive  equations  relating 
the  X's  and  having  the  property  that 

(a)  the  least  fixed  point  exists,  and  is  regular,  and 

(b)  the  least  fixed  point  corresponds  to  the  values  of  the  X's  for 
the  computations. 

Xi,j  :  suppose  {L±  ,Li  }  are  the  statements  of  S  for  which 

12  s 

there  is  a  path  from  L  to  L  without  passing  through  any  assignment 

j 
(a) We have a right-linear set of recursion equations (on strings),
and such a system has a unique least fixed point, namely, the regular
sets (one for each of the X's) obtained by these equations treated as
productions.

(b) For convenience, we will rename X, X_{0,1}, ..., X_{k,n} to be
Y_1, Y_2, ..., Y_m and we define the sets

Y_{1,0} = Y_{2,0} = ... = Y_{m,0} = φ

and

Y_{i,c+1} = ψ_i(Y_{1,c}, Y_{2,c}, ..., Y_{m,c})

where ψ_i is the function used in the recursive definition (for Y_i)

Y_i <= ψ_i(Y_1, Y_2, ..., Y_m).

Then, the least fix-point for Y_i is given by

Y_i = ∪_{c<∞} Y_{i,c} = the least fix-point. (*)

We define Z_{i,c} to be the set of strings corresponding to the
variable Y_i (which is some X_{j,l} or X itself) obtained in not more
than c steps of the computations of the schema S (for all Herbrand
interpretations) where a "step" is defined to be the execution of the
start statement, an assignment statement, or a halt statement (i.e.,
not loops or predicate tests). By definition,

∪_{c<∞} Z_{i,c}

is the set of strings corresponding to the variable Y_i in all possible
computations. We have to show that

Y_1 = ∪_{c<∞} Z_{1,c},

but for the induction to work we will prove the stronger result, that

Y_i = ∪_{c<∞} Z_{i,c} for all i ≤ m.


(i) To show that Y_i ⊆ ∪_{c<∞} Z_{i,c}.

We will prove that Y_{i,c} ⊆ Z_{i,k+c}, and then by equation (*) the
result follows.

The start step is trivial as Y_{i,0} = φ. For the induction step,
c ≥ 0, assume it is true for c, to show it for c+1.

Case 1. Y_i <= x (where x = [τ] is a constant) is the recursion
equation for Y_i. Now, as the schema is assumed to be free, and all
statements are reachable, and there are only k start and assignment
statements, the statement corresponding to Y_i must be executed within
k+1 steps, i.e., Z_{i,k+c+1} = {x}, and, of course, Y_{i,c+1} = {x}, and
hence Y_{i,c+1} ⊆ Z_{i,k+c+1}.

Case 2. Y_i <= xY_{i_1} + ... + xY_{i_s}, (x = [τ]), where the statements
corresponding to Y_{i_1}, ..., Y_{i_s} lead to the statement for Y_i without
any intervening assignment (or halt) -- note: only Y_1 corresponds to
the halt statement. Since the schema is free, all paths can be taken,
and by the definitions of Y_{i,c} and Z_{i,c} we have

Y_{i,c+1} = xY_{i_1,c} + ... + xY_{i_s,c}          (def)
          ⊆ xZ_{i_1,k+c} + ... + xZ_{i_s,k+c}      (ind hyp)
          = Z_{i,k+c+1}.                           (def)
(ii) To show that ∪_{c<∞} Z_{i,c} ⊆ Y_i.

We will prove that Z_{i,c} ⊆ Y_{i,c}.

The start step is trivial, for after zero steps of the computation,
all Z_{i,0}'s are φ. For the induction step, c ≥ 0, assume the result
is true for c, to prove it for c+1:

Case 1. If Y_i <= x, then Y_{i,c+1} = {x}, and Z_{i,c+1} can only be φ
or {x}.

Case 2. If Y_i <= xY_{i_1} + ... + xY_{i_s} then, as before,

Z_{i,c+1} = xZ_{i_1,c} + ... + xZ_{i_s,c}          (def)
          ⊆ xY_{i_1,c} + ... + xY_{i_s,c}          (ind hyp)
          = Y_{i,c+1}.                             (def)


This  completes  the  proof  of  Theorem  2.7. 


2.2.3.2 Proof of Theorem 2.9

The value languages of monadic schemas of C(2 var) are the
recursively enumerable sets.

We use the fact that a recursively enumerable set is generated by
the outputs of a Turing machine, and that all r.e. sets can be so
generated. Luckham, Park, and Paterson [1970] have shown how a
two-variable schema S using a unary function f and a unary predicate p
can simulate a Turing machine computation such that S diverges unless
the Turing machine halts, and if the machine halts then its output can
be "read off" by the values p(y1), p(f(y1)), p(ff(y1)), p(fff(y1)), ...
in some coded form, where y1 is one of the variables of the schema.
We modify the schema S so that before halting it resets y2 to a
(y2 ← a), and then proceeds to apply the appropriate functions to y2
as read off by the variable y1, and then halts, outputting y2. We
thus obtain a subclass of C(2 var) whose value languages are the r.e.
sets, thus proving the theorem by recourse to the Theorem 2.4 that the
value language of any schema in C(2 var) is r.e.


□ 


2.2.3.3 Proof of Theorem 2.10

The  value  languages  of  the  recursive  schemas  (with  monadic  functions) 
that  are  free  on  the  Herbrand  interpretations  are  the  context  free  languages. 

(1) We will first prove the simpler part, that is, that all context
free languages can be generated.

Let G be any context free grammar over the nonterminals
F1, F2, ... and the terminals f1, f2, ..., where F1 is the start
symbol. We assume G is in Greibach normal form, that is, all
productions have the form

F_i → F_{i_1} F_{i_2} ... F_{i_k} f_j

Suppose there are at most m productions for any F_i, then in our
schema we will have m-1 unary predicates p1, p2, ..., p_{m-1}. In the
schema we will allow definitions like (a) F_i(y) <= τ, and also
(b) nested if-then-else's, with the understanding that these features
are easily eliminated by (a) substituting, and (b) adding new
defined functions, without destroying the property of freedom in our
particular construction. The schema is:

F0 <= F1(a),

and for each F_i in G, if there are n productions for F_i

F_i → F_{1,1} F_{1,2} ... F_{1,k_1} f_{j_1}
...
F_i → F_{n,1} F_{n,2} ... F_{n,k_n} f_{j_n}

then the corresponding defined function in S is:

F_i(y) <= if p1(y) then F_{1,1}(...(f_{j_1}(y)))
          else ...
          else if p_{n-1}(y) then F_{n-1,1}(...(f_{j_{n-1}}(y)))
          else F_{n,1}(...(f_{j_n}(y))).

It is easy to see that this schema is free, and its value language
equals the language generated by the grammar G.

(2)  We  now  prove  that  the  value  language  of  any  free  recursive  schema 
is  context  free. 

Given  a  free  recursive  schema  S  using  only  monadic  base  functions, 
we  construct  a  context  free  grammar  G  such  that  the  value  language 
of S is the same as the language generated by G. S has the form
Fk(y*z)  <=  if  0^  then  *Ffc  else

We will assume that no short-cut notation is used; for example, if F
returns just one data value, to obtain it we must write Y1(F(...))
instead of just F(...). Similarly, if F1 returns a vector that
matches the arguments for F2, we must write
F2(Y1(F1(...)), Y2(F1(...)), ...) instead of F2(F1(...)).

The terminals of the grammar G to be generated are the unary
function symbols of S. The nonterminals have the form

(Y_i, F_j, y_k)

which has the following significance: if the defined function F_j is
entered with any string x for its k-th data argument, then (Y_i, F_j, y_k)
represents the possible strings x' that could have been added to the
left of x such that the i-th data argument of F_j can exit with this
value (i.e., x'.x). The other type of nonterminal is

(Y_i, F_j)

which represents the strings Y_i(F_j(...)) could exit with no matter
what the arguments.

To construct G, we first define the following notation:

[τ]_{y_i}

where τ is any term (which may use the defined functions) to be a set
of strings as follows:

(1) for any zero-ary function a:  [a]_{y_i} = φ
(2) for any y_i:  [y_i]_{y_i} = Λ, and [y_j]_{y_i} = φ for j ≠ i
(3) for any unary f:  [f(τ)]_{y_i} = f.[τ]_{y_i}
(4) and  [Y_j(F(τ1, τ2, ...))]_{y_i} = ∪_k (Y_j, F, y_k).[τ_k]_{y_i}

for all k varying over the data arguments of F.
And similarly, [τ]_0 is defined as follows:

(1) for any zero-ary function a:  [a]_0 = Λ
(2) for any y_i:  [y_i]_0 = φ
(3) for any f:  [f(τ)]_0 = f.[τ]_0
(4) and  [Y_j(F(τ1, τ2, ...))]_0 = (Y_j, F) + ∪_k (Y_j, F, y_k).[τ_k]_0

Note:  we  are  using  both  the  signs  u  and  +  (for  strings)  to  mean 
union. 

As an example

[Y2(F(fg(a), Y1(G(y3, y1, a, fy3)), hy3))]_{y3}

= (Y2,F,y2)(Y1,G,y1)
+ (Y2,F,y2)(Y1,G,y4)f
+ (Y2,F,y3)h

and

[Y2(F(fg(a), Y1(G(y3, y1, a, fy3)), hy3))]_0

= (Y2,F)
+ (Y2,F,y1)fg
+ (Y2,F,y2)(Y1,G)
+ (Y2,F,y2)(Y1,G,y3).

Note that the notation is a little informal. We should strictly
write [y_i]_{y_i} = {Λ}, etc.

Given the free schema, we can separate the defined functions into two
classes — those that can eventually return, and those that must diverge.
This can be done by building up the set of functions that can halt,
starting with the null set:

F(...) <= if α then τ else τ'

F can halt if α can halt (i.e., all defined functions in it can halt)
and so can one of τ or τ'.

The construction of the grammar G ignores all boolean variables,
all tests, and all defined functions that must diverge. If the start
function F0 diverges, then the language is the empty set. Otherwise,
we build G as follows:

(1) F0 <= τ()

The start nonterminal in G is (Y1,F0):

(Y1,F0) → [τ()]_0.

(2) F_i(y1, y2, ..., z1, z2, ...) <= if α then τ else τ'

where F_i is a function that can halt (which implies that α can halt).
Then, for all Y_j, y_k (that make sense for F_i), if τ = (τ1, τ2, ...),
and it can halt, then

(Y_j, F_i, y_k) → [τ_j]_{y_k}


and 


and similarly for τ'.

We can show that G generates the value language of S on lines
similar to the proof of Theorem 2.7. We consider a Herbrand interpretation
over the given base functions and predicates and also over a
special set of zero-ary functions b1, b2, ..., bn where n is the number
of variables in S. Then, for any (Y_j, F_i, y_k) and integer c, we associate
the sets (Y_j, F_i, y_k)_c which stand for the possible strings x, such
that if F_i(y1, y2, ..., z1, z2, ...) is entered with y1 = b1, y2 = b2, ...,
then Y_j(F_i(...)) exits with value x.b_k (for all possible values of
the z's) without executing recursive calls of depth more than c.

And similarly, (Y_j, F_i)_c stands for the strings x such that
Y_j(F_i(...)) exits with value x.a_k (for any k, and the same arguments
to F_i as before). Note: by the depth of recursive calls we do not
include recursive calls required to evaluate any test α in
F_i <= if α then τ else τ'. We can then show by least fixed-point
arguments that

∪_{c<∞} (Y_j, F_i, y_k)_c = L_G(Y_j, F_i, y_k)

where the right hand side represents the strings generated by the
nonterminal (Y_j, F_i, y_k) in the grammar G; and similarly for (Y_j, F_i).

Thus L_G(Y1, F0) does represent the possible output strings in this
augmented Herbrand interpretation (with the additional zero-ary functions
b1, b2, ...). But the computation for F0 never computes any element
x.b_k, and hence the possible output strings are the same for unaugmented
Herbrand interpretations (without the b1, b2, ...).
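The bracket translations and the grammar construction of this proof, as an added Python example (not code from the thesis): it reproduces the two worked bracket examples and builds G for the free recursive schema F0 <= F1(a); F1(y) <= if p(y) then g F1 f(y) else y from Section 2.2.1, whose language comes out as {g^n f^n}. The tuple encoding of terms, the function names, and the production (Y_j, F_i) → [τ_j]_0 used for the second kind of nonterminal are assumptions; every defined function is assumed able to halt.

```python
from collections import deque

# Term encoding (assumed for this sketch):
#   ("a",)                 a zero-ary function
#   ("y", i)               the variable y_i
#   ("f", name, t)         a unary base function applied to term t
#   ("Y", j, F, [t1, ...]) Y_j(F(t1, t2, ...)), written without short-cuts
# A string is a tuple of symbols: terminals are str, nonterminals are tuples.
EMPTY = ()  # the empty string (Lambda)

def bracket(term, sub):
    """[term]_sub as a set of strings: sub = 0 gives [t]_0, sub = i gives [t]_{y_i}."""
    kind = term[0]
    if kind == "a":
        return {EMPTY} if sub == 0 else set()
    if kind == "y":
        return {EMPTY} if term[1] == sub else set()
    if kind == "f":
        return {(term[1],) + s for s in bracket(term[2], sub)}
    _, j, F, args = term
    # Under subscript 0 the call may ignore its arguments: nonterminal (Y_j, F).
    out = {((f"Y{j}", F),)} if sub == 0 else set()
    for k, arg in enumerate(args, start=1):
        out |= {((f"Y{j}", F, f"y{k}"),) + s for s in bracket(arg, sub)}
    return out

def grammar(schema):
    """schema = {"F0": term, "defs": {F: (arity, [branch, branch'])}}, each branch
    a tuple of result terms (tau_1, tau_2, ...). Tests are ignored."""
    prods = {("Y1", "F0"): set(bracket(schema["F0"], 0))}
    for F, (arity, branches) in schema["defs"].items():
        for branch in branches:
            for j, t in enumerate(branch, start=1):
                # Assumed by analogy: (Y_j, F) -> [tau_j]_0
                prods.setdefault((f"Y{j}", F), set()).update(bracket(t, 0))
                for k in range(1, arity + 1):
                    prods.setdefault((f"Y{j}", F, f"y{k}"), set()).update(bracket(t, k))
    return prods

def language(prods, start, max_len):
    """All terminal strings of length <= max_len derivable from start
    (leftmost derivations, breadth first, with bounded sentential forms)."""
    seen, out, queue = {(start,)}, set(), deque([(start,)])
    while queue:
        form = queue.popleft()
        idx = next((i for i, s in enumerate(form) if isinstance(s, tuple)), None)
        if idx is None:
            out.add("".join(form))
            continue
        for rhs in prods.get(form[idx], ()):
            new = form[:idx] + rhs + form[idx + 1:]
            terminals = sum(1 for s in new if not isinstance(s, tuple))
            if terminals <= max_len and len(new) <= 2 * max_len + 2 and new not in seen:
                seen.add(new)
                queue.append(new)
    return out

A, Y1, Y3 = ("a",), ("y", 1), ("y", 3)

# The term of the worked example: Y2(F(fg(a), Y1(G(y3, y1, a, f y3)), h y3))
EXAMPLE = ("Y", 2, "F", [
    ("f", "f", ("f", "g", A)),
    ("Y", 1, "G", [Y3, Y1, A, ("f", "f", Y3)]),
    ("f", "h", Y3),
])

# F0 <= Y1(F1(a));  F1(y) <= if p(y) then g(Y1(F1(f(y)))) else y
SB = {"F0": ("Y", 1, "F1", [A]),
      "defs": {"F1": (1, [(("f", "g", ("Y", 1, "F1", [("f", "f", Y1)])),),
                          (Y1,)])}}

if __name__ == "__main__":
    print(sorted(language(grammar(SB), ("Y1", "F0"), 6), key=len))
```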

2.2.3.4 Proof of Theorem 2.11

It  is  easy  to  see  that  all  context  free  languages  are  generated  by 
one-variable  monadic  recursive  schemas  without  resets.  The  construction 
in  the  previous  section  applies. 

To show that only context free languages are generated, let S be
a given one-variable recursive schema such that no atomic term has a
defined function, and S has no resets. We define the depth |τ| of
a term τ (constant or variable) to be the depth of nesting of function
symbols: |a_i| = |y_i| = 0, |f(τ1, ..., τn)| = max(|τ1|, ..., |τn|)+1. Let k
be the largest depth of any term used in S. A specification state Q
of S defines all predicates on all terms τ() and τ(y) such that
|τ()|, |τ(y)| ≤ k. In addition, it may also specify y = τ() for some
τ() with |τ()| ≤ k — in which case the values of predicates respect this
specification. Now, given the specification state Q for y, it is
clear how it may be updated, i.e., we can determine all possible Q'
for f(y) (for any unary function f). Note that the updating is done
only for the Herbrand interpretations. Also note that n-ary predicate
symbols and equality tests are handled by this mechanism.

Without loss of generality we can assume that in S, no defined
function is passed any boolean arguments -- any schema S can be translated
into this form by creating many copies of each defined function,
and testing all boolean arguments of the (old) function before the (new)
function is called (this yields nested if-then-else's which can then
be eliminated). Then, as the schema cannot test any booleans returned
by functions, we can simply remove them and get an equivalent schema
that uses no booleans at all.

Now, from the schema S we construct a context free grammar G
as follows. The nonterminals are of the form

(Q', F_i, Q)

where Q, Q' are specification states, and there is a special start
symbol: (F0). Given a term τ and specification states Q', Q we
define a set of strings (notation Q'[τ]Q) of terminals and nonterminals
as follows:

(1) Q'[a_i]Q is Λ if the predicates over constants agree on
    Q and Q', and in Q', y = a_i is specified; otherwise it
    is φ.
(2) Q'[y]Q is Λ if Q' = Q; otherwise it is φ.
(3) Q'[f_i(τ)]Q is ∪ f_i.Q''[τ]Q where the union is taken over
    all Q'' that can be updated to Q' by applying f_i.
(4) Q'[F_i(τ)]Q is ∪ (Q', F_i, Q'').Q''[τ]Q for all Q''.

We  can  now  define  the  grammar  G  . 

(1)  Fq  <=  t  is  converted  into  the  following  productions  for  the 
start  symbol  (Fq)  of  G  : 

(Fq)  -Q'[T]Q 
for  all  Q',Q  . 

(2)  Fi(y)  <=  if  r1  =  Tg  then  t  else  t  '  . 

For  all  Q,  in  which  the  terms  r1  and  Tg  are  equal  (note: 


U 


L> 


o 
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T^,  tn  do  not  use  any  F^  ) 

(Q',F.,Q)  -  Q ’ [t  ]q 

for  all  Q’  ,  and  for  all  other  Q,  : 

(Q',F.,Q)  . 

(5)  Fi(y)  <=  if  Pj(T1,T2, ...)  then  t  else  T'  . 

For  all  Q  in  which  p.(x1,T  ,...)  is  true: 
(Q',F.,Q) 

and  for  all  other  Q  : 

(Q',F.,Q)  -  Q'  [t  '  ]  . 


□ 


This lemma includes the following simple generalizations over a similar result of Garland and Luckham: (1) boolean variables, (2) tests on constant terms and terms using the variable y, (3) equality tests, and (4) n-ary predicates.

2.3  The  Power  of  Classes  of  Schemas 

2.3.1 On the Number of Variables in Schemas

It is evident that any flowchart schema S which uses n boolean variables can be translated into an isomorphic (and hence equivalent) flowchart schema with no boolean variables. This can be accomplished by creating at most $2^n$ "copies" of S, one copy for each possible set of values for the n boolean variables.

Similarly, any recursive schema can be translated into an
equivalent  recursive  schema  in  which  no  argument  of  any  defined  function 
is  a  boolean  variable.  We  now  wish  to  show  that  the  same  is  true  for 
the  values  returned  by  the  defined  functions  as  well.  In  fact,  we  will 
show  a  stronger  result:  that  any  recursive  schema  can  be  translated 
into  an  equivalent  recursive  schema  S2  which  uses  only  data  values, 
and  each  defined  function  returns  just  one  value.  It  is  possible,  however, 
that  the  number  of  operations  executed  by  S2  may  be  an  exponential  of 
the  operations  of  S1  (for  any  interpretation). 

Theorem 2.13. Every schema $S_1 \in \mathcal{C}(R)$ (or in $\mathcal{C}(R, =)$) can be effectively translated into an equivalent schema S2 in the same class such that only data arguments are passed to each defined function in S2, and each defined function returns exactly one data value (and no boolean values).

For the proof see Section 2.3.4.

Now  that  we  have  succeeded  in  restricting  each  defined  function  to 
returning  just  one  value  (while  retaining  the  power  of  all  recursive 
schemas),  the  natural  question  that  arises  is  whether  we  can  also  restrict 
the number of arguments to be one, or if not, to two, or to some integer n.
And a similar question may be asked for flowchart schemas. Value language considerations show, for example, that one-variable flowchart schemas cannot give us the power of all flowchart schemas -- the value languages are regular (for monadic functions), whereas for two-variable schemas the value languages are all the r.e. sets. The following theorem puts such speculation to rest.

Theorem 2.14

(a) $\mathcal{C}(0\ \mathrm{var}) \equiv \mathcal{C}(R, 0\ \mathrm{var})$,

(b) $\mathcal{C}() \not\geq \mathcal{C}(R, 1\ \mathrm{var})$, and

(c) $\mathcal{C}(n+1\ \mathrm{var}) \not\leq \mathcal{C}(R, n\ \mathrm{var})$ for $n > 0$.

Part  (a)  of  this  theorem  is  trivial. 

Part (b) was shown by Paterson and Hewitt [1970] by showing that no flowchart schema is equivalent to the following recursive schema Sa (we use nested if-then-else's with the comment that they can be removed to obtain a strictly "legal" one-variable recursive schema):

    Sa:  F0 <= F(a);

         F(y) <= if p(f1(y)) then if p(f2(y)) then y
                                  else F(f2(y))
                 else if r(F(f1(y))) then F(f2(y))
                      else a

This schema checks to see if there is an infinite sequence $f_{i_1}, f_{i_2}, f_{i_3}, \ldots$, each $i_j = 1$ or $2$, such that all the tests $p(f_{i_1}(a)), p(f_{i_2} f_{i_1}(a)), p(f_{i_3} f_{i_2} f_{i_1}(a)), \ldots$ are false. The schema halts only if no such sequence exists.

Part (c) of this theorem can be shown by demonstrating that the following problem can be solved with an (n+1)-variable flowchart schema, but not with any n-variable recursive schema (without equality). The problem is:

    "if there exist integers i, j, 0 < i < n, 0 < j such that $p(g^j f^i(a))$ is false then halt (with output a), else diverge".

For details, see Section 2.3.4.

[Figure 2.1: diagram relating flowchart schemas (n var) and recursive schemas (n var)]


The consequence of this theorem is that we can draw the diagram relating flowchart and recursive schemas. In Figure 2.1 an arrow A → B indicates the relation "B is strictly more powerful than A".


2.3.2  Equality  Tests 

A  problem  is  said  to  be  a  Herbrand  problem  if  it  can  be  solved  by 
some  Herbrand  schema.  Otherwise,  if  it  can  only  be  solved  by  an 
inherently  non-Herbrand  schema  it  is  called  a  non-Herbrand  problem. 

All schemas in $\mathcal{C}(\mathrm{pds}, q, \mathrm{list}, A)$, $\mathcal{C}(R)$ are Herbrand schemas, and none of them can solve any non-Herbrand problem. However, there exist some very simple non-Herbrand problems which can be solved by schemas in $\mathcal{C}(=)$, for example, given two zero-ary functions $a_1$, $a_2$ the problem

    Pa = "if $a_1 = a_2$ then halt (with output $a_1$), otherwise diverge"

can be solved by the schema

    START y ← a1;
    if a1 = a2 then HALT(y) else LOOP,

demonstrating that $\mathcal{C}(=) \not\leq \mathcal{C}(\mathrm{pds}, q, \mathrm{list}, A)$, and $\mathcal{C}(=) \not\leq \mathcal{C}(R)$.

To demonstrate the power of equality tests we present two other (more interesting) non-Herbrand problems that can be solved by schemas in $\mathcal{C}(A, =)$.

Example  1  --  Inverse  of  a  Unary  Function 
The  problem  is: 

Pb = "given a unary function symbol f, a zero-ary function constant a, and a finite number of other n-ary function symbols, n > 0, write a program schema that under any interpretation will yield a value of $f^{-1}(a)$ as output. That is, it should find an element y that can be expressed in terms of the given function symbols such that f(y) = a; and if no such element exists, the schema should diverge".

This is a non-Herbrand problem because for no Herbrand interpretation does there exist an element y such that f(y) = a, and hence, if any Herbrand schema S claims to solve it, S diverges on all Herbrand interpretations, and hence on all interpretations (by Theorem 2.2) and this is certainly not the desired behavior. A schema that solves the problem is presented in Section 2.3.4.

Example 2 -- Herbrand-like Interpretations

Given a set of function and predicate symbols of which there is at least one zero-ary function, we say that an interpretation I for this set is Herbrand-like if there exists some Herbrand interpretation H such that there is a 1-1 homomorphism from H into I. In other words, an interpretation I is Herbrand-like if and only if for every pair of distinct terms $\tau_1$ and $\tau_2$ (made up of the given functions) the elements in I corresponding to $\tau_1$ and $\tau_2$ are distinct.

Now,  consider  the  following  problem: 

Pc  =  "  given  an  interpretation  for  a  set  of  function  and  predicate 
symbols,  of  which  at  least  one  is  a  zero-ary  function  a  , 
determine  if  the  interpretation  is  not  Herbrand-like.  If 
the  interpretation  is  not  Herbrand-like  then  halt  with 
output  a  ,  else  diverge  ". 

This problem is inherently non-Herbrand in nature because a schema that solves this problem must diverge for every Herbrand interpretation. But for certain other interpretations the schema should halt. A schema with equality tests that solves the problem Pc is presented in Section 2.3.4.

The problem Pc is an abstract model closely related to certain problems in real life programming. As an illustration, consider a directed graph (with an identified root node) in which each node has two identified pointers leading from it. Pointers may lead to a terminal node "NIL". The problem is to determine whether or not the given graph is a tree. This problem may be modeled by the above problem with two monadic functions representing the two pointers, and with the difference that the search for the equality of two "terms" is conducted not for the entire set of all terms, but for those terms not representing NIL. The correspondence is that the interpretation is "Herbrand-like" for this set of terms if and only if the corresponding graph is a tree. Another related problem is that of determining if a given LISP list is circular. Here, the two pointers from a node represent the car, and the cdr of the list represented by the node.

While equality tests are necessary to solve some non-Herbrand problems, equality can be used to solve Herbrand problems as well. We give two examples of Herbrand problems which are solved by schemas with equality.

Example  3  —  Expose  the  False  One  (or,  the  Witch  Hunt) 

The  problem  is 

Pd = "if there exists an element x of the form $g^j f^i(a)$, i, j > 0, such that p(x) is false, then halt (with output a), otherwise diverge".

Our discussion on Theorem 2.14 indicates that no flowchart or recursive schema (without equality) can solve this problem. However, there is a non-Herbrand schema in $\mathcal{C}(=)$ that can solve it -- see Section 2.3.4. And yet, it may be noted that Pd is a Herbrand problem for it can be solved by a schema in $\mathcal{C}(c)$.

Example 4 -- Translation of Flowchart Schemas with One Counter

The recursive schema

    F0 <= F(a);
    F(y) <= if p(y) then f(y) else F(G(f(y)));
    G(y) <= if q(y) then g(y) else G(G(g(y))),

is a canonical form for schemas in $\mathcal{C}(1c, =)$ in that any schema in $\mathcal{C}(1c, =)$ is equivalent to the above schema by giving appropriate meanings to a, f, g, p, q. (Note: these functions and predicates need not be total, but each can be implemented using only iteration.) This recursive schema can be translated into an equivalent schema from $\mathcal{C}(1c)$. Plaisted [1972] showed that it could also be translated into a rather large schema from $\mathcal{C}()$. However, the use of equality gives a simple schema equivalent to the recursive schema. And, in fact, this can be used as a basis to show that any schema in $\mathcal{C}(1c)$ or $\mathcal{C}(1c, =)$ can be converted quite easily into an equivalent schema in $\mathcal{C}(=)$. For details, see Section 2.3.4.

Now,  the  relations  between  classes  of  schemas  with  and  without 
equality  can  be  summed  up  as  follows: 

Theorem 2.15. $\mathcal{C}(\text{features}) < \mathcal{C}(\text{features}, =)$, where by "features" we mean such things as variables, counters, stacks, queues, lists, arrays, recursion, but excluding equality itself.

2.3.3 Counters, Stacks, Recursion, Arrays, etc.

In  this  section  we  wish  to  demonstrate  the  relationships  between 
the  various  classes  of  schemas,  and  in  particular  we  wish  to  show  the 
partial  ordering  suggested  by  Figure  2.2. 


Figure 2.2. The power of schemas

In the figure, all arrows A → B indicate that "B is strictly more powerful than A". Classes that cannot be linked by the transitive closure are indeed unrelated, for example, $\mathcal{C}(A) \not\geq \mathcal{C}(=)$, and $\mathcal{C}(=) \not\geq \mathcal{C}(A)$. The following suffice to prove the relations shown in Figure 2.2 above.

Theorem 2.16

(1-4) $\mathcal{C}(R) > \mathcal{C}()$, $\mathcal{C}(R, =) > \mathcal{C}(=)$, $\mathcal{C}(A) > \mathcal{C}(c)$, $\mathcal{C}(A, =) > \mathcal{C}(c, =)$.

(5-8) $\mathcal{C}(c) > \mathcal{C}()$, $\mathcal{C}(c, =) > \mathcal{C}(=)$, $\mathcal{C}(A) > \mathcal{C}(R)$, $\mathcal{C}(A, =) > \mathcal{C}(R, =)$.

(9-12) $\mathcal{C}(=) > \mathcal{C}()$, $\mathcal{C}(R, =) > \mathcal{C}(R)$, $\mathcal{C}(c, =) > \mathcal{C}(c)$, $\mathcal{C}(A, =) > \mathcal{C}(A)$.

(13-15) $\mathcal{C}(A) \not\geq \mathcal{C}(=)$, $\mathcal{C}(R, =) \not\geq \mathcal{C}(c)$, $\mathcal{C}(c, =) \not\geq \mathcal{C}(R)$.

Of these, (3)-(6) and (9)-(12) are immediate, (1) and (2) have been known for a long time -- see McCarthy [1962], and (7), (8) follow easily from a similar result due to Constable and Gries [1972] and using Theorem 2.13. Part (13) is immediate because schemas in $\mathcal{C}(=)$ can solve non-Herbrand problems (e.g. Pa in Section 2.3.2) and these cannot be solved by schemas in $\mathcal{C}(A)$. For proofs of (14), (15), see Section 2.3.4.

Theorem 2.17 (One-counter Theorem)

(a) $\mathcal{C}() \equiv \mathcal{C}(1c)$, and

(b) $\mathcal{C}(=) \equiv \mathcal{C}(1c, =)$.

This  was  proved  by  Plaisted  [1972].  Intuitively,  the  reasoning  is 
that  given  a  one-counter  schema,  one  can  get  rid  of  the  counter  and 
replace  it  with  a  few  variables  which  can  then  simulate  the  counter  by 
"counting"  on  the  interpretation  itself,  that  is,  on  the  values  taken  on 
by  the  other  variables  of  the  schema  along  the  path  of  the  computation. 


Theorem 2.18 (Two-counter Theorem)

(a) $\mathcal{C}(c) \equiv \mathcal{C}(2c)$, and

(b) $\mathcal{C}(c, =) \equiv \mathcal{C}(2c, =)$.

To see that $\mathcal{C}(c) \equiv \mathcal{C}(2c)$, and $\mathcal{C}(c, =) \equiv \mathcal{C}(2c, =)$, observe that two counters are adequate for simulating the behavior of n counters for any n (Hopcroft and Ullman [1969], pg. 100) as follows: let $c_1', c_2', \ldots, c_n'$ be the n counters, and $c_1$, $c_2$ be the two that are to simulate them -- the value of $c_1$ is to be $2^{c_1'} 3^{c_2'} 5^{c_3'} 7^{c_4'} \cdots \pi_n^{c_n'}$ where $\pi_n$ is the n-th prime number: then, incrementing $c_i'$ is like multiplying $c_1$ by $\pi_i$, decrementing $c_i'$ is like dividing $c_1$ by $\pi_i$, and testing $c_i'$ for zero is like testing if $\pi_i$ divides $c_1$ -- all these operations can be performed by using $c_2$ to temporarily store an integer.
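The prime-power encoding described above, carried out with nothing but +1, -1 and zero tests on two counters. This is an added illustration, not code from the thesis; the class names, the three-counter test program and the `values()` decoding helper are assumptions made for the example.

```python
class Counter:
    """A schema counter: only +1, -1 and a zero test are allowed."""
    def __init__(self):
        self._v = 0
    def inc(self):
        self._v += 1
    def dec(self):
        if self._v == 0:
            raise ValueError("decrement of a zero counter")
        self._v -= 1
    def is_zero(self):
        return self._v == 0


class DirectCounters:
    """Reference machine with n real counters c1', ..., cn'."""
    def __init__(self, n):
        self.cs = [Counter() for _ in range(n)]
    def inc(self, i):
        self.cs[i].inc()
    def dec(self, i):
        self.cs[i].dec()
    def is_zero(self, i):
        return self.cs[i].is_zero()
    def values(self):
        return [c._v for c in self.cs]


class TwoCounterSim:
    """The same interface, realised with two counters: c1 = 2^c1' * 3^c2' * ..."""
    PRIMES = (2, 3, 5, 7, 11, 13)

    def __init__(self, n):
        if n > len(self.PRIMES):
            raise ValueError("extend PRIMES for more counters")
        self.primes = self.PRIMES[:n]
        self.c1, self.c2 = Counter(), Counter()
        self.c1.inc()                      # all simulated counters zero <=> c1 = 1

    def _times(self, src, dst, p, r=0):
        """dst <- src * p + r and src <- 0; p, r are constants of the finite control."""
        while not src.is_zero():
            src.dec()
            for _ in range(p):
                dst.inc()
        for _ in range(r):
            dst.inc()

    def _divide(self, p):
        """c2 <- c1 // p and c1 <- 0; the remainder (< p) lives in the control state."""
        r = 0
        while not self.c1.is_zero():
            self.c1.dec()
            r += 1
            if r == p:
                r = 0
                self.c2.inc()
        return r

    def inc(self, i):                      # multiply c1 by the i-th prime
        self._times(self.c1, self.c2, self.primes[i])
        self._times(self.c2, self.c1, 1)

    def is_zero(self, i):                  # counter i is zero iff the prime does not divide c1
        p = self.primes[i]
        r = self._divide(p)
        self._times(self.c2, self.c1, p, r)    # restore c1
        return r != 0

    def dec(self, i):                      # divide c1 by the i-th prime
        p = self.primes[i]
        r = self._divide(p)
        if r != 0:
            self._times(self.c2, self.c1, p, r)
            raise ValueError("decrement of a zero counter")
        self._times(self.c2, self.c1, 1)

    def values(self):
        """Decode c1 for inspection only; not an operation of the simulated schema."""
        v, out = self.c1._v, []
        for p in self.primes:
            e = 0
            while v % p == 0:
                v //= p
                e += 1
            out.append(e)
        return out


def add_into_third(m):
    """A small 3-counter program: counter 2 <- counter 0 + counter 1."""
    for src in (0, 1):
        while not m.is_zero(src):
            m.dec(src)
            m.inc(2)
    return m.values()


def run_demo():
    """Run the same program on both machines, starting from counters (3, 2, 0)."""
    results = []
    for machine in (DirectCounters(3), TwoCounterSim(3)):
        for _ in range(3):
            machine.inc(0)
        for _ in range(2):
            machine.inc(1)
        results.append(add_into_third(machine))
    return results
```

Note that the remainder kept during a division is bounded by the prime, so it belongs to the finite control of the schema and needs no third counter.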

Theorem 2.19 (Recursion vs. a Stack, and a List)

(a) $\mathcal{C}(R) \equiv \mathcal{C}(1\ \mathrm{pds}) \equiv \mathcal{C}(1\ \mathrm{list})$, and

(b) $\mathcal{C}(R, =) \equiv \mathcal{C}(1\ \mathrm{pds}, =) \equiv \mathcal{C}(1\ \mathrm{list}, =)$.

That a pushdown stack is at least as powerful as recursion is not unexpected -- the concept that recursion can be implemented by a stack has been around for a long time in the theory of compilers. The converse, that recursion is as powerful as a pushdown stack is perhaps not so obvious; but it is certainly not mysterious considering that in recursion we allow the defined functions to return a vector of arguments (see, however, Theorem 2.13). Relating stacks to lists, it is clear that a list can do anything a stack can. That one list is not (strictly) more powerful than a stack is interesting, but is not of any overwhelming importance because this result seems to depend on the kind of basic statements list schemas are endowed with.

Our  last  theorem  deals  with  the  equivalences  of  a  large  number  of 
classes  of  schemas,  sometimes  also  called  the  "maximal"  classes. 

Theorem 2.20 (Maximal Classes of Schemas)

(a) $\mathcal{C}(\mathrm{pds}, q, \mathrm{list}, A) \equiv \mathcal{C}(1\ \mathrm{pds}, 1c) \equiv \mathcal{C}(2\ \mathrm{pds}) \equiv \mathcal{C}(1\ \mathrm{list}, 1c) \equiv \mathcal{C}(2\ \mathrm{list}) \equiv \mathcal{C}(1q) \equiv \mathcal{C}(1A)$, and

(b) $\mathcal{C}(\mathrm{pds}, q, \mathrm{list}, A, =) \equiv \mathcal{C}(1\ \mathrm{pds}, 1c, =) \equiv \mathcal{C}(2\ \mathrm{pds}, =) \equiv \mathcal{C}(1\ \mathrm{list}, 1c, =) \equiv \mathcal{C}(2\ \mathrm{list}, =) \equiv \mathcal{C}(1q, =) \equiv \mathcal{C}(1A, =)$.

To prove this theorem it suffices to prove

    $\mathcal{C}(\mathrm{pds}, q, \mathrm{list}, A) \equiv \mathcal{C}(1\ \mathrm{pds}, 1c) \equiv \mathcal{C}(1q)$, and

    $\mathcal{C}(\mathrm{pds}, q, \mathrm{list}, A, =) \equiv \mathcal{C}(1\ \mathrm{pds}, 1c, =) \equiv \mathcal{C}(1q, =)$

because a list is at least as powerful as a stack, and a stack is at least as powerful as a counter; and further, the operation of a stack can be simulated with an array (with counters to subscript it, of course). The proof is indicated in Section 2.3.4. Note that to use an array, at least one counter is required; and one counter is also sufficient in that the class of schemas in $\mathcal{C}(1A)$ with just one counter is as powerful as $\mathcal{C}(1A)$ itself, and similarly for $\mathcal{C}(1A, =)$. We may also remark here that for schemas restricted to monadic functions, flowchart schemas augmented with two variables have all the power of the maximal classes, that is,
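    $\mathcal{C}(2c, \text{monadic fns}) \equiv \mathcal{C}(\mathrm{pds}, q, \mathrm{list}, A, \text{monadic fns})$, and
    $\mathcal{C}(2c, =, \text{monadic fns}) \equiv \mathcal{C}(\mathrm{pds}, q, \mathrm{list}, A, =, \text{monadic fns})$.

It is interesting to label the vertices in Figure 2.2 in another way as shown in Figure 2.3. This figure can be treated as a unit cube where the axes are labelled as follows:

    x-axis: "add a counter",
    y-axis: "delete a counter, and add a stack", and
    z-axis: "add equality tests".

[Figure 2.3: unit cube whose vertices are labelled

    $\mathcal{C}(1c) \equiv \mathcal{C}()$
    $\mathcal{C}(1c, =) \equiv \mathcal{C}(=)$
    $\mathcal{C}(2c) \equiv \mathcal{C}(c)$
    $\mathcal{C}(2c, =) \equiv \mathcal{C}(c, =)$
    $\mathcal{C}(1\ \mathrm{pds}) \equiv \mathcal{C}(R) \equiv \mathcal{C}(1\ \mathrm{list})$
    $\mathcal{C}(1\ \mathrm{pds}, =) \equiv \mathcal{C}(R, =) \equiv \mathcal{C}(1\ \mathrm{list}, =)$
    $\mathcal{C}(1\ \mathrm{pds}, 1c) \equiv \mathcal{C}(A) \equiv \mathcal{C}(1\ \mathrm{list}, 1c) \equiv \mathcal{C}(2\ \mathrm{pds}) \equiv \mathcal{C}(2\ \mathrm{list}) \equiv \mathcal{C}(1q) \equiv \mathcal{C}(1A) \equiv \mathcal{C}(\mathrm{pds}, q, \mathrm{list}, A)$
    $\mathcal{C}(1\ \mathrm{pds}, 1c, =) \equiv \mathcal{C}(A, =) \equiv \mathcal{C}(1\ \mathrm{list}, 1c, =) \equiv \mathcal{C}(2\ \mathrm{pds}, =) \equiv \mathcal{C}(2\ \mathrm{list}, =) \equiv \mathcal{C}(1q, =) \equiv \mathcal{C}(1A, =) \equiv \mathcal{C}(\mathrm{pds}, q, \mathrm{list}, A, =)$]

Figure 2.3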


Note  that  the  Figures  2.2  and  2.3  are  "isomorphic". 

Intuitively,  there  seem  to  be  three  inherent  factors  that 
determine  the  power  of  schemas. 

(1) The amount of data space. Flowchart schemas, even with counters and equality tests have a fixed finite amount of space, that is, the number of data variables. It is for this reason that they cannot compute very large terms that require the saving of an arbitrarily large number of data values. For example, no schema in $\mathcal{C}(c, =)$ is equivalent to the recursive schema

    F0 <= F1(a);

    F1(y) <= if p(y) then h(F1(f(y)), F1(g(y))) else y.

Recursive  schemas  act  as  if  they  have  an  unbounded  amount  of  space,  as 
do  schemas  with  stacks,  queues,  lists  or  arrays.  The  amount  of  space 
available  to  a  schema  is,  however,  not  a  limitation  when  only  schemas 
with  monadic  functions  are  considered  since  in  that  case  any  (constant) 
term  can  be  computed  with  only  one  data  variable  by  applying  the  proper 
base  functions  in  the  right  order. 

(2) The control capability. Boolean variables and counters are examples of control features. We have seen, however, that boolean variables add no inherent power (except to make a schema more compact). And two counters add as much control capability as one might want because we can simulate the computation of a Turing machine (with zero input).

The question then is whether or not one counter adds any power. The answer is that it depends on the schema. For example, the addition of one counter to flowchart schemas adds no power, whereas the addition of a counter to $\mathcal{C}(1c)$, or to $\mathcal{C}(1\ \mathrm{pds})$ does indeed add power. Adding a counter to $\mathcal{C}(2\ \mathrm{pds})$ or to $\mathcal{C}(1q)$, or to the corresponding ones with equality, adds no power because these classes seem to be omnipotent anyway as far as control capability is concerned. The features of recursion and a pushdown stack act as if they provide some control capability (to flowchart schemas), but not as much as two counters. Similarly, equality tests too provide some control capability as evidenced by the fact that a schema in $\mathcal{C}(=)$ can solve problem Pd (Example 3 in Section 2.3.2) which cannot be solved by $\mathcal{C}(R)$.


(3) The test capability. In our standard classes of schemas we placed no restriction on the kind of tests (on data items) allowed except as to whether equality tests were permitted, or were banned. Another restriction that could be placed is the maximum depth (of nesting of function symbols) of terms allowed. For example, if we allow only tests of the form p(y) and p(f(y)) in one-variable monadic schemas without resets, we would obtain a class strictly more powerful than the Ianov schemas (which allow only p(y)). In general, we find that

    $\mathcal{C}(n\ \mathrm{var}, \text{depth } d+1) > \mathcal{C}(n\ \mathrm{var}, \text{depth } d)$,

and

    $\mathcal{C}(n+1\ \mathrm{var}, \text{depth } d) > \mathcal{C}(n\ \mathrm{var}, \text{depth } d)$.

These can be shown by constructing a schema quite similar to the one used in the proof of Theorem 2.14.


2.3.4 Proofs on the Power of Schemas, and Detailed Examples
2.3.4.1 Proof of Theorem 2.13

The theorem states that every schema $S_1 \in \mathcal{C}(R)$ (or in $\mathcal{C}(R, =)$) can be effectively translated into an equivalent schema S2 in the same class such that only data arguments are passed to the defined functions in S2 and each defined function returns just one data value and no boolean values.


Proof: 


Step  1:  S1  ->  Sj  .  It  is  trivial  to  see  how  S-j^  can  be  converted  into 

an  equivalent  schema  such  that  in  no  boolean  values  are  passed 

to any defined function. This can be done as follows: if any defined function F in S1 is passed m boolean variables, then in S2 we have $2^m$ defined functions corresponding to F, one for each possible set of values the boolean variables may take. Then, if in any function definition of S1, F is called with some arguments, then the proper function in S2 is called without any boolean values. This may involve testing the boolean arguments before the call (as they may be predicate or equality tests) yielding nested if-then-else's, which, of course, can then be eliminated by using additional defined functions.


Step  2:  S, 


.  Now,  given  the  schema  S^  ,  we  wish  to  convert  it 


into  an  equivalent  schema  S^  such  that  defined  functions  return  no 
boolean  values,  only  data  values,  and  all  arguments  are  data  values  too. 

To  do  this  we  will  change  the  defined  functions  in  so  that  they 

return  data  values  instead  of  their  boolean  values.  These  data  values 
will  be  treated  as  if  they  are  really  booleans  by  applying  some  fixed 
test  on  them. 

We now have the problem of discovering what data values are to correspond to "true" and "false", and what fixed test we are going to use. This is the concept of finding a "locator" (Constable and Gries [1972]).

In the class $\mathcal{C}(R, =)$ this is trivial, for we can simply test to see if all zero-ary functions are equal. If they are, we apply all base functions to them to see if we can generate a new element. If not, then all terms must yield the same value, and now the outcome of the computation is quite easily determined. Otherwise, we will find two constant terms
T1  ’  t2  mos"t  one),  whose  values  are  distinct.  Then  we  can 

simply use $\tau_1$ to stand for "true", $\tau_2$ to stand for "false", and the test on a value x to see if x is true or not is "$x = \tau_1$".

In the class $\mathcal{C}(R)$, on the other hand, our problem is a little
more  difficult.  We  proceed  on  the  lines  of  Constable  and  Gries  [1972] 
to  build  a  flowchart  with  "exits",  which  executes  the  computation  of  the 
recursive  schema  until  it  tests  some  predicate  more  than  once,  and  it  turns 
out to have different outcomes (true, and false) in two of the cases; in
which  case  the  flowchart  exits  (S^  has  one  copy  of  for  each  exit) . 

Suppose  pi(x1, . . .,xfc)  is  true,  and  p^(x^, . . *,x^)  is  false  then  the 
recursive  schema  can  begin  normal  operation,  and  each  defined  function 
returns  the  set  of  vectors  xn,...,x,  instead  of  returning  a  true  value 
and  returns  x^,  ...,x^  instead  of  a  false  value.  Of  course,  each  defined 
function  has  to  be  passed  the  data  values  x^, . . . ,x^,x^, . . ,,x^  as  arguments 
(as  well  as  the  standard  arguments) .  It  is  easy  to  see  that  a  flowchart 
can  simulate  the  computation  of  the  recursive  schema  because  if  a  function 
F^  is  called  recursively  within  another  call  to  F^  then  the  arguments 
of  the  earlier  call  do  not  have  to  be  remembered  for  the  schema  would  exit 
before  the  second  call  "returns".  Now,  of  course,  we  convert  the  flowchart 
locator  into  recursive  definitions  to  get  the  required  schema  . 


Step  3:  S^  -»  Sg  .  Finally,  we  translate  S^  into  the  desired 

schema  S^  where  each  defined  function  returns  just  one  data  value 
(and  all  arguments  are  data  values  too)  .  This  is  done  as  follows. 

Suppose  any  defined  function  F  in  S^  returns  a  vector  of  n  data 
values,  then  we  replace  it  by  n  functions  (in  Sg  ) ;  call  them 
F^,  ...,Fn  .  Then,  any  term  like  Y^(F(...))  in  S^  is  replaced  by 
Fi(...)  in  Sg  ;  and  of  course,  each  F^  returns  just  one  value  —  the 
i-th  value  that  F  would  return.  That  F^(...)  does  indeed  equal 
Y.(F(...))  for  all  arguments  in  the  computation  of  the  recursive  schemas 
can  be  proved  by  induction  on  the  depth  of  recursion,  simultaneously  for 
all  defined  functions;  but  we  dispense  with  such  formalism  which  doesn't 
add  to  the  intuitive  concept  of  the  proof. 

This  completes  the  construction,  and  the  proof. 

□ 


2.3.4.2 Proof of Theorem 2.14

To prove that there exists a schema S in $\mathcal{C}(n+1\ \mathrm{var})$ such that no schema in $\mathcal{C}(R, n\ \mathrm{var})$ is equivalent to it.

The desired schema S is:

    S:  START (y0, y1, ..., yn) ← (a, a, ..., a);
        y1 ← f(y0); y2 ← f(y1); ...; yn ← f(y(n-1));
        while p(y0) ∧ p(y1) ∧ ... ∧ p(yn) do
            (y0, y1, ..., yn) ← (g(y0), g(y1), ..., g(yn));
        HALT(a).

Suppose there is a schema S1 in $\mathcal{C}(R, n\ \mathrm{var})$ that is equivalent to S. Without loss of generality, assume that in S1 no defined function is passed any boolean arguments (see step 1 in the proof of Theorem 2.13). Also, without loss of generality assume that S1 has no function other than a, f, g, and no predicate other than p (Theorem 2.1). Now, consider the computation of S1 on a Herbrand interpretation in which all p(x) are true. Then the schema S1 must be in a "loop", that is, for some defined function F, F is called at successively larger recursion depths (possibly with different arguments) -- this is because if F calls itself recursively then the schema must loop (because F is passed no booleans, and the only tests, other than those on booleans returned, are $p(\tau)$). We define the "type" of the elements of the Herbrand domain as follows -- any element of the form $f^i(a)$, i < n, is said to be of type (0, i), any element of the form $g^j f^i(a)$, j > 1, i < n, is said to be of type (1, i), and all other elements have type (0, n+1).

Now consider two calls to F in which the types of all variables repeat. Then after the same interval they will repeat again, and again, and so on, because exactly the same sequence of "statements" are being executed. We call this a cycle of the computation. Now, as F has at most n arguments, there must be some type number (1, m), 0 < m < n, such that no argument in F has type (1, m). Now, if we consider the finite interval in a cycle, only a finite number of values of type (1, m) can be tested (by the predicate p) during this time, and the same values are tested over and over again. Hence, as there are only a finite number of operations executed before the cycles start, the whole computation can check only a finite number of values of type (1, m). Now, if we change the interpretation slightly by making the predicate p on one of the untested values of type (1, m) to be false, then the computation of S1 must be the same as before, that is, S1 diverges, whereas S halts on this interpretation -- contradicting the assumption that S1 is equivalent to S.


□ 




2.3.4.3 Example 1 -- Inverse of a Unary Function
For  simplicity  we  assume  that  the  only  functions  are  a  single 
zero-ary  function  a  ,  the  given  unary  function  f  and  a  binary 
function  g  .  The  possible  terms  are  therefore: 

a  ,  f (a)  ,  g(a, a)  ,  f(f(a))  ,  g(f(a),f(a))  ,  g(a,f(a))  ,  ...  . 

The  schema  for  any  other  set  of  functions  is  similar  to  the  one  for  this 
particular  case. 

Symbols c1, c2, c3 stand for counters. Strictly, the only operations allowed on counters are adding and subtracting one, and testing for zero. For convenience, however, we will also allow other statements such as $c_i \leftarrow 0$, $c_i \leftarrow c_j$, and tests like $c_i = c_j$, as it is clear that these operations can be performed using only the legal operations and additional counters.


    (1)  START (y, z) ← (a, true), A ← (a, true);
         A[0] ← y;
    (2)  c1 ← c2 ← 0;
    (3)  REPEAT: ⟨y, z⟩ ← A[c1];
    (4)  if f(y) = a then HALT(y);
         c2 ← c2+1;  A[c2] ← ⟨f(y), z⟩;
         c2 ← c2+1;  A[c2] ← ⟨g(y,y), z⟩;
         c3 ← c1;
         while c3 ≠ 0 do
         begin
             c3 ← c3-1;
             c2 ← c2+1;  A[c2] ← ⟨g(A[c3], y), z⟩;
             c2 ← c2+1;  A[c2] ← ⟨g(y, A[c3]), z⟩
         end;
         c1 ← c1+1;
    (5)  goto REPEAT.

After the initialization phase (lines (1) to (2)) (ignoring all booleans)

    A[0] = a , c1 = c2 = 0 .

After completing one pass through the outer loop of the program (lines
(3) to (5))

    A[1] = f(a) , A[2] = g(a,a) , c1 = 1 , c2 = 2 ,

and after a second pass

    A[3] = f(f(a)) , A[4] = g(f(a),f(a)) ,
    A[5] = g(a,f(a)) , A[6] = g(f(a),a) , c1 = 2 , c2 = 6 .

The algorithm works as follows: two pointers c1 and c2 reference the
array. A[c1] represents the "current" value. If the current value is
not an inverse, as determined by line (4), it is composed with values
preceding it in the enumeration by function applications, and the new
values obtained are added to the array.

It  can  be  shown  by  induction  that  the  process  of  enumeration 
generates  and  tests  each  possible  term  exactly  once.  This  means  that 
an  inverse  will  be  found  if  it  exists.  The  point  at  which  the  test  of 
the  inverse  is  made  could  be  changed  to  effect  time  efficiency  but 
without  altering  the  main  features  of  the  program. 

2.3.4.4 Example 2 -- Herbrand-like Interpretations
We  assume  that  the  only  functions  are  a  single  zero-ary  function  a  , 
a  unary  function  f  and  a  binary  function  g  .  Therefore  the  set  of 
terms  includes 

a  ,  f(a)  ,  g(a,a)  ,  f(f(a))  ,  g(f(a),f(a))  ,  g(a,f(a))  ,  ...  , 
that  is,  the  same  as  in  the  previous  example.  The  required  schema  is: 


(1)  START <y,y',z> ← <a,a,true>, A ← <a,true>;
     A[0] ← <y,z>;
(2)  c1 ← c2 ← 0;
(3)  REPEAT: <y,z> ← A[c1];
(4)  c4 ← c1;
     while c4 ≠ 0 do
     begin
         c4 ← c4-1; <y',z> ← A[c4];
         if y' = y then HALT;
     end;
     c2 ← c2+1; A[c2] ← <f(y),z>;
     c2 ← c2+1; A[c2] ← <g(y,y),z>;
(5)  c3 ← c1;
     while c3 ≠ 0 do
     begin
         c3 ← c3-1;
         c2 ← c2+1; A[c2] ← <g(A[c3],y),z>;
         c2 ← c2+1; A[c2] ← <g(y,A[c3]),z>;
     end;
     c1 ← c1+1;
     goto REPEAT.

This program is quite similar to the previous one in the manner of
enumeration of terms. The fact that each term is generated exactly once
is used in making the test (4) to check if a value is repeated.
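
The enumeration shared by Examples 1 and 2 can be executed directly. The Python sketch below is an added illustration, not part of the original text: it runs the array-and-counter loop on the Herbrand interpretation and on a constructed interpretation over the integers mod 7. The bound max_passes, the helper names, and the interpretations H and M7 are assumptions of the example.

```python
# Added example: the term enumeration of Examples 1 and 2.
# A holds pairs (symbolic term, value); c2 is always len(A) - 1.

def extend(A, c1, f, g):
    """Append f(y), g(y,y), then g(A[c3],y), g(y,A[c3]) for c3 = c1-1 .. 0."""
    ty, y = A[c1]
    A.append((f"f({ty})", f(y)))
    A.append((f"g({ty},{ty})", g(y, y)))
    c3 = c1
    while c3 != 0:
        c3 -= 1
        tx, x = A[c3]
        A.append((f"g({tx},{ty})", g(x, y)))
        A.append((f"g({ty},{tx})", g(y, x)))


def run_schema(interp, halt_test, max_passes):
    """Run the REPEAT loop. Returns (A[c1] at HALT or None, A).

    max_passes is an assumption of this sketch: the schema itself may
    diverge, so the simulation gives up after that many passes.
    """
    a, f, g = interp
    A = [("a", a)]                      # A[0] <- a ; c1 <- c2 <- 0
    c1 = 0
    while c1 < max_passes:
        if halt_test(A, c1):
            return A[c1], A
        extend(A, c1, f, g)
        c1 += 1
    return None, A


# Herbrand interpretation: every term denotes itself.
H = ("a", lambda t: f"f({t})", lambda s, t: f"g({s},{t})")
# Constructed finite interpretation over the integers mod 7.
M7 = (0, lambda x: (x * x + 3) % 7, lambda x, y: (x + y + 1) % 7)


def first_terms(passes):
    """Terms stored in A after `passes` passes (no halting test)."""
    _, A = run_schema(H, lambda A, c1: False, passes)
    return [t for t, _ in A]


def find_inverse(interp, max_passes=50):
    """Example 1: halt on the first enumerated y with f(y) = a."""
    a, f, _ = interp
    hit, _ = run_schema(interp, lambda A, c1: f(A[c1][1]) == a, max_passes)
    return hit


def find_repeat(interp, max_passes=50):
    """Example 2: halt when the current value equals an earlier one."""
    def repeated(A, c1):
        y = A[c1][1]
        return any(A[c4][1] == y for c4 in range(c1))
    hit, _ = run_schema(interp, repeated, max_passes)
    return hit


if __name__ == "__main__":
    print(first_terms(2))
    print(find_inverse(M7))
    print(find_repeat(M7))
```
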


2.3.4.5  Example  3  --  The  Witch  Hunt 
"To find an element x of the form g^i(f^j(a)) , i,j > 0 , such that
p(x) is false". The desired schema of C(=) uses seven variables --
ya , yb , y1 , y2 , y3 , y4 , y5 .

(1)  START  (y^y^y^yg, yj,y^,y  )  •-  (a, a, a, a, a, a, a); 
i£  P(a)  then  HALT  (a)  ; 

(2)  —  NEXT-.y^y^ 

While  y2  /  yb  do 

beeljl  if  y-L  =  f(yb)  then  goto  RESET; 
yl  *"  e(yl) 


if  yb  =  f(yb)  then  goto  RESET; 
yb  -  f(yb)  > 

if  p(yb)  then  HALT  (a) ; 

<yl’y2>  -  <ya'ya>; 

while  y1  f  yfe  do 

b?gin  y-L  -  g(y1) ;  y2  -  f(yg) ; 

y3  *"  yl;  y4  -  y2; 

f  yb  —  ^in  ^3  -  g(y5) ;  y4 

if  -I  p(y4)  then  HALT  (a) ; 


g(y4)  end; 


goto  NEXT; 


—  RESET:  <yi;y2)  -  <ya,ya>; 
FAIL:  y1  -  g(y1) ;  yg  -  f(y2) ; 

y3  *"  yi;  y4  *“  y2; 
while  y5  /  yb  do 

begin  y^  -  yg; 

while  ^  y^  io 


begin  if  y^  =  g(y^ 

y5  -  g(y5) 


=  g(y^)  then  goto  FAIL; 


if  y^  =  g(y^)  then  goto  FAIL; 

y5  -  g(y5) ; 


g(yk) ; 


SUCCEED:  y&  *-  yg; 


yh  -  yV 
goto  NEXT. 


The operation of the schema may briefly be described as follows.
The schema effectively "counts" on the range of values from ya to yb,
all of which are guaranteed to be distinct. The part of the schema
between lines (2) and (3) checks to see if counting can be done on a
larger domain: from ya to f(yb). If so, then the "slice" of values
shown in the figure below are tested to see if the predicate p is
false for any of them.

If, however, the domain from ya to yb cannot be extended, then the
segment of the schema from lines (6) to (7) resets ya and yb.


and  one  counter  c  . 




         START y ← a;
         while ¬p(y) do
         begin
             y ← f(y);
             while true do
                 if q(y)
                 then begin
                          y ← g(y);
(1) --                    if c = 0 then goto DONE;
(2) --                    c ← c-1
                      end
                 else begin
                          y ← g(y);
(3) --                    c ← c+1
                      end;
DONE:    end;
         HALT(f(y)) .



The corresponding equivalent flowchart schema with equality uses
three variables instead of a counter:

    ya represents a zero counter;
    yc simulates the counter, and
    yt is a temporary variable.

The idea is that yc simulates a counter by using the value g^n(ya) to
represent the integer n. Therefore, the statement yc ← ya stands
for c ← 0, yc ← g(yc) stands for c ← c+1, and the statements
[yt ← ya; while g(yt) ≠ yc do yt ← g(yt); yc ← yt] stand for c ← c-1.

We have to be careful, however. The term g^n(ya) stands for the
integer n, n > 0, only if for no two distinct i,j < n are the
terms g^i(ya) and g^j(ya) equal. Interpretations for which the
counter is required to count up to an integer n where there exist
i,j < n, i ≠ j, such that g^i(ya) = g^j(ya) are called looping
interpretations. It is easy to see that for looping interpretations
the given recursive schema never halts. The required program schema is
therefore easy to construct.


         START <y,ya,yc,yt> ← <a,a,a,a>;
         while p(y) do
         begin
             y ← f(y);
             ya ← y; yc ← ya;
             while true do
                 if q(y)
                 then begin
                          y ← g(y);
(1) --                    if ya = yc then goto DONE;
                          yt ← ya;
(2) --                    while g(yt) ≠ yc do yt ← g(yt);
                          yc ← yt
                      end
                 else begin
                          y ← g(y);
                          yt ← ya;
                          while yt ≠ yc do                 |
                              if yt = g(yc) then LOOP      | check for a
                              else yt ← g(yt);             | looping
                          if yt = g(yc) then LOOP;         | interpretation
(3) --                    yc ← g(yc)
                      end;
DONE:    end;
         HALT(f(y)) .


Note  that  this  flowchart  schema  is  equivalent  to  the  given  recursive 
schema  even  when  the  functions  and  predicates  are  not  total. 
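
The counter encoding used by this flowchart schema can be exercised on its own. The Python sketch below is an added illustration, not part of the original text: it represents the integer n by g^n(ya), uses only applications of g and equality tests, and raises an exception where the schema executes LOOP. The class and helper names and the two sample functions g5 and g_rho are assumptions of the example.

```python
# Added example: a counter simulated with equality tests only.

class Looping(Exception):
    """Raised where the schema executes LOOP (a looping interpretation)."""


class EqCounter:
    def __init__(self, g, ya):
        self.g, self.ya = g, ya
        self.yc = ya                      # yc <- ya   stands for  c <- 0

    def is_zero(self):
        return self.yc == self.ya         # ya = yc    stands for  c = 0

    def inc(self):
        """yc <- g(yc), after checking g(yc) is not already in ya .. yc."""
        nxt = self.g(self.yc)
        yt = self.ya
        while yt != self.yc:
            if yt == nxt:
                raise Looping
            yt = self.g(yt)
        if yt == nxt:                     # covers g(yc) = yc as well
            raise Looping
        self.yc = nxt

    def dec(self):
        """Scan up from ya to the predecessor of yc."""
        if self.is_zero():                # the schema tests for zero first
            raise ValueError("decrement of a zero counter")
        yt = self.ya
        while self.g(yt) != self.yc:
            yt = self.g(yt)
        self.yc = yt

    def decode(self):
        """Number of g-steps from ya to yc (only for checking the sketch)."""
        n, yt = 0, self.ya
        while yt != self.yc:
            yt, n = self.g(yt), n + 1
        return n


def replay(ops, g, ya):
    """Apply a string of '+' and '-' operations and return the decoded value."""
    c = EqCounter(g, ya)
    for op in ops:
        c.inc() if op == "+" else c.dec()
    return c.decode()


def overflows(g, ya, n):
    """True if counting up to n from ya hits a looping interpretation."""
    c = EqCounter(g, ya)
    try:
        for _ in range(n):
            c.inc()
    except Looping:
        return True
    return False


# Constructed sample functions: a 5-cycle, and a chain ending in a fixed point.
g5 = lambda x: (x + 1) % 5
g_rho = lambda x: min(x + 1, 3)

if __name__ == "__main__":
    print(replay("++-+--", g5, 2), overflows(g5, 2, 5), overflows(g_rho, 0, 4))
```
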




Proof. C(=) = C(1c,=)

Since C(=) < C(1c,=), we only have to prove that C(=) > C(1c,=).

Given a schema in C(1c,=), we reduce it to a canonical form S'
(for one counter schemas) which is a recursive schema whose base
functions a, f, g, and predicates p, q need not be total, and we
can give a meaning to a, f, g, p, q in terms of the base functions and
predicates of S that makes the schema S' equivalent to S. Further,
the "meaning" for all a, f, g, p, q is flowchartable. Thus, we would
find that since we have a schema S'' in C(=) equivalent to S', if
we substitute the meanings of the functions and predicates we would obtain
a schema in C(=) equivalent to S. For convenience below, after every
statement c ← c+1 in S insert a (distinct) null statement, say
*” . The canonical form S' below can be simplified somewhat,
e.g. the term F(G(f(y))) can be changed to F(G(y)) -- we choose not
to do so here. The schema S' is

S':  F0 <= F(a);
     F(y) <= if p(y) then f(y) else F(G(f(y)));
     G(y) <= if q(y) then g(y) else G(G(g(y))) .

We will represent the meanings of a, p, q, f, g by nonrecursive
subroutines. Without loss of generality assume that there are no loop
statements in S, that all halt statements are of the form HALT(y1),
and that all statements are labeled. Suppose y = (y1,...,yn) and
z = (z1,...,zm) are the variables in S. Consider any interpretation
for S with domain D. Then the domain D' for S' is D^n x {T,F}^(m+l)
where l = ⌈log2 s⌉ and s is the number of statements (or labels)
in S. We will represent an element in D' as a vector <y,z,L> where
L is a label whose value corresponds to a label in S (L is to be
implemented by booleans).

(i) If the start statement in S is

        START <y,z> ← <τ(),α()>; goto Li

    then a is <τ(),α(),Li> .

(ii) f(<y',z',L'>) is

        begin data y; boolean z; label L;
              y ← y'; z ← z'; L ← L';
        REP:  goto L;
        L1:   STATEMENT1;
        L2:   STATEMENT2;
              ...
        Ls:   STATEMENTs;
        end .

Above, a variable declared label L represents a vector of l
booleans, and we allow statements like goto L where L is a
label variable (it is clear how this statement is to be implemented).


If in S we have                              then STATEMENTi is

(a) Li: <y,z> ← <τ,α>; goto Lj              <y,z> ← <τ,α>; L ← Lj;
                                             goto REP

(b) Li: if α then goto Lj                    if α then L ← Lj else L ← Lk;
        else goto Lk                         goto REP

(c) Li: HALT(y1)                             RETURN(<y,z,L>)

(d) Li: c ← c+1; goto Lj                     RETURN(<y,z,Lj>)

(e) Li: c ← c-1; goto Lj                     L ← Lj; goto REP

(f) Li: if c=0 then goto Lj                  L ← Lj; goto REP
        else goto Lk


(iii) g(<y',z',L'>) is like the function f except for parts (e), (f)

(e) Li: c ← c-1; goto Lj                     RETURN(<y,z,Lj>)

(f) Li: if c = 0 then goto Lj                L ← Lk; goto REP .
        else goto Lk


(iv) p(<y',z',L'>) is

        begin data y; boolean z; label L;
              <y,z,L> ← f(<y',z',L'>);
              if isplus(L) then RETURN(false)
              else RETURN(true)
        end

Above, the function isplus(L) is defined to be true if L is
the label Lj in a statement c ← c+1; goto Lj , and false
otherwise.

(v) q(<y',z',L'>) is

        begin data y; boolean z; label L;
              <y,z,L> ← g(<y',z',L'>);
              if isplus(L) then RETURN(false)
              else RETURN(true)
        end


If the value computed by F(a) is <y1,...,yn,z1,...,zm,L> then
y1 represents the output of S.

S' implements the computation of the one-counter schema S by
representing the value of the counter by the number of defined functions
G that effectively exist in the recursion stack at any time. When the
defined function F is being "executed" the counter is zero.

This shows how to convert any schema in C(1c,=) to an equivalent
schema in C(=), which completes the proof.


2.3.4.7 Proof of Theorem 2.16
<3(R,  =)  c) 

We will use the fact that schemas in C(c) can simulate Turing
machines, and that the halting of schemas in C(R,=) over a given
finite domain is decidable, to demonstrate a diagonalized argument.
The required schema S ∈ C(c) is defined as follows.

The schema S uses three counters. The initialization phase of S
is the following:

    START y ← a;
    while p(y) do begin y ← f(y); c ← c+1 end;

After this phase the schema makes no use of the variable y, or the
base functions or predicate (except in the halt statement). Let the
value of the counter c be n when it exits from the initialization
phase. Let In denote the following interpretation: the domain has
n+1 elements,

    e0, e1, ..., en ,

the value of a is e0, and f and p are defined by:

    i < n:   f(ei) = ei+1     p(ei) = true
             f(en) = e0       p(en) = false .

The schema S then simulates the computation of the n-th schema Sn in
C(R,=) on the interpretation In. The schema Sn will diverge if
and only if some defined function calls itself recursively with exactly
the  same  arguments  (data  and  boolean  values) .  If  Sn  halts  with  output 
then  S  loops,  otherwise  S  halts  with  output  a  . 

This completes the description of the required schema S; and it
is clear that it is not equivalent to any schema in C(R,=), because
if it were equivalent to, say, the m-th schema, we find their outputs
on the interpretation Im disagree -- a contradiction.


<3(c,=)  £c£R) 

We  can  show  the  equivalent  result  that  there  is  a  schema  in 
not equivalent to any in C(c,=). It is

S:  F0 <= F(a);
    F(y) <= if p(y) then h(F(f(y)),F(g(y))) else y .

This is the schema demonstrated by Paterson and Hewitt [1970], and their
proof, shown for £*,() , also applies to C(c,=).

Let t0 be defined to be the term a, and tn+1 to be the term
h(f(tn),g(tn)). Also define the Herbrand interpretation Hn to be:
p(t) is false if the depth of nesting of function symbols in t is n,
otherwise it is true. Then, Val(S,Hn) = . Now, suppose there is a
schema S' ∈ C(c,=) equivalent to S. Without loss of generality, we
can restrict all terms appearing in S' to have depth at most one
(depth of terms a, yi is 0, of terms f(a), f(yi) is 1, of
f(f(a)), h(f(a),y) is 2, etc.). Then we see that if S' has m
data variables then S' cannot compute any terms tn if n > m (for
Herbrand interpretations). Thus the outputs of S and S' over Hm+1
must disagree and S and S' cannot be equivalent.

2.3.4.8 Proof of Theorem 2.11

To prove that

(a) C(R) = C(1 pds) = C(1 list), and

(b) C(R,=) = C(1 pds,=) = C(1 list,=).

C(R) < C(1 pds), C(R,=) < C(1 pds,=)

We do not describe the construction in detail because it is
obvious. Given a recursive schema S we construct a schema with a
stack S' as follows: S' can stack boolean variables to code any
finite piece of information. S' has a set of variables that represent
the arguments of a function call, another set to represent the values
returned, and some for temporaries. When a recursive call is to be
made, the old arguments and some temporaries (values of earlier calls
from the same defined function -- required to build up terms) are stacked,
as well as the local context, the new arguments are set up, and
computation is begun on the new defined function. When a function returns,
values (and the context) are unstacked. S' halts if the stack becomes
empty.

C(1 pds) < C(R), C(1 pds,=) < C(R,=)

Given  a  schema  S  with  one  pushdown  stack,  we  construct  a  recursive 
schema  S'  equivalent  to  S  ,  such  that  S'  uses  equality  tests  only 
if  S  uses  them.  For  the  sake  of  convenience,  we  will  allow  certain 
features  in  recursive  schemas  that  are  not  strictly  allowed,  but  can  be 
easily  eliminated  to  get  a  legal  recursive  schema.  These  include  the 
following : 

(1) Nested if-then-else's.

(2) Passing labels as parameters (arguments and values returned) and
nonlooping goto-statements in a recursive definition. Labels can be
implemented by a vector of booleans, and transfers can be implemented
by nested if-then-else's. We also allow return-statements which
explicitly return values from the defined functions.

Without loss of generality, S has a single halt statement of the
form HALT(y1), and has no loop statements (Li: LOOP can be replaced
by Li: <y,z> ← <y,z>; goto Li). In the schema S we label all
assignment statements, test statements, the halt statement, and also all
statements operating on the stack as follows:


    s ← push(s,y,z)                     Li: s ← push(s,y,z)

    if s = A then goto L                Li: if s = A
    else begin                          Lj:    then goto L
             <y,z> ← top(s);                   else begin
             s ← pop(s)                                 <y,z> ← top(s);
         end                                            s ← pop(s);
                                                    end

Notice the strange placement of the label Lj after the test s = A.

In addition, we have a dummy label Lhalt which is assumed to be
entered after the halt statement.


The  recursive  schema  S'  has  four  defined  functions: 


F0 -- The starting function. This calls FA.

FA -- When this is executed the stack is empty. FA may call
      itself iteratively (i.e., a compiler can treat it as iteration
      rather than recursion). It returns only when the schema S
      halts. It may also call the function F.

F  -- This is the work-horse. This is similar to the function used
      in converting a flowchart schema into a recursive schema. It
      calls Fs when something is pushed into the stack.

Fs -- The number of recursive calls on Fs represents the height
      of the pushdown stack.

These functions are defined as follows. Recall that the notation
Yi(...) is used to pick the i-th data element of a vector. We also
use Y(...) to pick all data elements from a vector, and Z(...) to
pick all boolean elements. Similarly, we will use the notation L(...)
to pick the label from a vector (only one will be used).

F0 : If the start statement in S is

        START <y,z> ← <τ,α>; goto Li;

     then

        F0 <= Y1(FA(τ,α,Li));

FA : FA(y,z,L) <= goto L(F(y,z,L));
                  L1: return(exp1);
                  L2: return(exp2);
                  ...

For any i:

(1) If Li is the dummy statement then the expression expi is
    F(y,z,L).

(2) If Li is the "weird" label in

            if s = A
        Li: then goto Lj
            else begin <y,z> ← top(s); s ← pop(s) end

    then the expression expi is

        FA(YF(y,z,L),ZF(y,z,L),Lj) .

    The value returned by F will have the same type, i.e., <y,z,L>,
    and it represents the "current" values of the variables and the
    label of the next statement to be executed. Notice that the effect
    of expi is to stick the values returned back into F (in the next
    call to FA) and continue the execution from where it was left off.

(3) If Li is anything else -- this can never happen, and expi is
    arbitrary.

F :  F(y,z,L) <= goto L;
                 L1: return(exp1);
                 L2: return(exp2);
                 ...

If Li is                                     then expi is

(1) The dummy statement Lhalt                (y,
    or the halt statement itself

(2) Li: <y,z> ← <τ,α>; goto Lj               F(τ,α,Lj)

(3) Li: if α then goto Lj                    if α then F(y,z,Lj)
        else goto Lk                         else F(y,z,Lk)

(4) Li: s ← push(s,y,z); goto Lj             Fs(y,z,Lj,y,z)

(5) Li: if s = A                             <y,z,Lj>
    Lj: then goto ...


The only case not shown cannot occur, and the expression for it is
arbitrary.

Fs : Fs(y,z,L,y,z) <= goto L(F(y,z,L));
                      L1: return(exp1);
                      L2: return(exp2);
                      ...

(Note -- there should be no ambiguity as to the roles of the two
L's above). For any i, if Li is a statement of the form

        if s = A
    Li: then goto Lj
        else begin <yk,zm> ← top(s); s ← pop(s) end

then the corresponding expi is

    F(y',z',Lj)

where y' is obtained by substituting y for yk in the vector
F(y,z,L); and z' is obtained by substituting z for zm in
the same vector. If this has caused any confusion, it may be pointed
out that yk really stands for the k-th data element, and similarly
for zm.

The only other possible case is that Li is Lhalt and in
this case expi is F(y,z,L).


□ 

C(1 pds) < C(1 list), C(1 pds,=) < C(1 list,=)

A pushdown stack can be simulated by a list as follows. In the
construction below, L' is an arbitrary label (transfers to L' can
never be taken in actual computation), and y' is a dummy variable.
The list schema uses a zero-ary function a to represent "true", and
A to represent "false".


Pushdown  stack 


s  ♦-  push(s,y,  z) 


if  s  =  A  then  goto  L 


begin 


<y,z>  -  top(s) ; 


s  ♦-  pop(s) 


I  -  cons (y, l)  ; 


if  z  then  I  •-  cons(a, l) 


else  l  *-  cons(A,l) 


if  I  «=  A  then  goto  L; 


if  atom(l)  then  goto  L' 


else  if  -i  atom(car(l))  v  car(l)  =  A 


then  goto  L 2 


else  y'  *-  car(£) ; 


z  *-  true; 


goto  L5; 


L0:  z  •-  false; 


if  atom(£)  then  goto  L' 


else  t  —  cdr(l) ; 


Ly  if  atom(l)  then  goto  L* 

else  if  atom(car(l))  v  car(l)  =  A 


then  goto  L' 


else  y  »-  car(i) ; 


if  atom(l)  then  goto  L' 


else  I  »-  cdr(l) 

C(1 list) < C(1 pds), C(1 list,=) < C(1 pds,=)

[Figure: a list and its stack representation]


Note:  the  stack  representation  of  a  list  is  not  unique,  but  depends 
on  the  way  the  list  is  built  up.  Now,  it  is  clear  how  the  list  can 
be  manipulated  by  its  stack  representation.  We  have  been  able  to 
represent  the  list  by  a  stack  because  a  schema  with  a  single  list 
cannot  generate  lists  of  any  great  complexity. 

□ 


2.3.4.9 Proof of Theorem 2.20 (Maximal Classes of Schemas)
C(1 pds,1c) > C(pds,q,list,A), C(1 pds,1c,=) > C(pds,q,list,A,=)

We  first  demonstrate  that  a  schema  with  a  pushdown  stack  and  two 
counters  can  simulate  the  computation  of  any  schema  S  with  any  number 
of  features  --  pushdown  stacks,  queues,  lists,  arrays,  counters.  We 
will  take  recourse  to  the  large  body  of  knowledge  on  the  programming 
of  Turing  machines  (Church's  thesis). 


Now,  two  counters  can  simulate  a  Turing  machine  computation  (on  a 
blank  tape) .  We  are  using  the  term  "Turing  machine"  somewhat  loosely 
here  because  we  will  allow  the  machine  to  output  as  it  computes,  and 
also  in  some  special  state  to  accept  a  yes-no  input  (from  the  environment) 
before  deciding  what  to  do  next.  Our  two-counter  Turing  machine  will 
keep  track  of  the  values  in  all  the  pushdown  stacks,  queues,  lists, 
arrays,  and  counters  of  the  schema  S  .  Data  values  will  be  kept  in 
symbolic  form,  that  is,  as  (constant)  terms.  Of  course,  an  infinite 
amount  of  memory  is  not  required  to  keep  track  of  arrays  —  the  Turing 
machine  need  only  remember  those  array  locations  that  were  assigned  to 
since  the  beginning  of  the  computation,  and  know  about  the  value  the 
array was initialized to by the start statement. If S executes a test
on data elements (a predicate or equality test), then the Turing machine
"outputs" a list of instructions as to how all terms are to be constructed
and the test to be made -- the output is a postfix-polish form of the
expression (it uses only constant terms -- no variables). Postfix polish
can be executed on the pushdown stack and the outcome of the test is
transmitted to the Turing machine. Our two-counter machine can output
one character (say, the n-th character) as follows: if c1, c2 are
the counters, c1 is set to 2^n·k where k is some odd integer, and
c2 is 0 (see the construction of a two-counter machine from a
multi-counter machine in the discussion on Theorem 2.17). The output can
then be detected by:

    if (c1 mod 2) = 1 then goto OUTPUT0;
    c1 ← c1/2;
    if (c1 mod 2) = 1 then goto OUTPUT1;
    c1 ← c1/2;
    if (c1 mod 2) = 1 then goto OUTPUT2;

where it is obvious how the test (c1 mod 2) = 1, and the assignment
c1 ← c1/2 can be implemented.

Now, the schema in C(1 pds,2c) we obtain has the following
interesting property. Whenever it executes a statement like

    s ← push(s,y,z)

or like

    if s = A then goto L
    else begin <y,z> ← top(s); s ← pop(s) end

the value of the counter c2 is zero. Hence we can implement c2 in
the stack itself by stacking a false value to represent c2 = 0, and
subsequently a true value for each increment to the value of c2. This
will not interfere with the above stack operations since we simply throw
away the false value, execute the stack operation, and then reinstate it.

We note that if the functions of the schema are monadic, then C(2c)
can simulate C(pds,q,list,A) (and similarly for C(2c,=)). In the
above description of a schema with one stack and two counters, the stack
was only used to construct (constant) terms. When the functions are
monadic, any term can be computed with just one variable, and hence any
n-ary predicate test can be performed with n variables. This shows that
C(2c, monadic fns) = C(pds,q,list,A, monadic fns), and that
C(2c,=, monadic fns) = C(pds,q,list,A,=, monadic fns).




□ 


C(1q) > C(1 pds,1c), C(1q,=) > C(1 pds,1c,=)

Since a pds is at least as powerful as a counter, it suffices to
show that C(1q) > C(2 pds), C(1q,=) > C(2 pds,=) (the proof is a
little simpler). Given a schema S with two stacks s1 and s2, we
wish to construct a schema S' with a queue that is equivalent to S.
But this is easy because both stacks can be packed in a queue, with
boolean variables to mark the ends, and the values can be circulated.
The detailed construction is as follows. For convenience below, we use
the notation tf(1) for "true", and tf(2) for "false", and we define
macros rem(L,y,z,q), and reset(i) as follows:

rem(L,y,z,q)    if q = A then goto L else
                begin <y,z> ← first(q);
                      q ← remove(q)
                end

reset(i)  L:rem(L',y,,z',q) 5 

q  -  add(q,y ' , z ' ) ; 

begin  rem(L',y',z',q) ; 
q  -  add(q,y',z')> 
goto  L 

end; 

rem(L',y',z',q) ; 

add(q,y',z')j 

if  z*  £  tf(i)  then  goto  L 

where  L'  is  an  arbitrary  label,  "  a  "  is  a  zero-ary  function  in  S  , 
and  y'  and  z'  are  new  variables  in  the  schema  S'  (with  the  queue) 
that  are  not  present  in  S  . 

Schema S -- two stacks (s1, s2)


START  <y1,yg,  ...yZ^z^,  ...) 
2.f^23  '  "  '  ’  * ) 


si  -  push(si,y, z) 


if  s  =  A  then  goto  L  else 
begin  <y,z)  -  top(s) ; 
s  -  pop(s) ; 


end 


Schema  S'  —  one  queue 

— 

£ 

START  <y  •  •  • ,  Z ' ,  z±,  ag,  . . .  ) 

-  <a,Tx,Tp,  . .  true,  0^,0^, . . .  )  j 
q  *-  add (q,  a,  false ) ; 
q  ♦-  add(q,a,tf(l)) ; 
q  *-  add(q,a,  false) ; 
q  -  add(q,q,tf(2)) 

reset(i) ; 

q  -  add(q,a,true) ; 
q  -  add(q,y,z) 

reset(i) ; 
rem(L',y',z',q) ; 
if  -i  z'  then 

begin  q  -  add(q,  y ' , z ' ) ; 
rem(L',ySz*,q) ; 
q  -  add(q,y«,z‘) J 

goto  L 

end; 

rem(L',y,z,q) 

□ 


Chapter 3. Decision Problems

3.1 Introduction

We  consider  the  following  decision  problems  for  classes  of  schemas: 

(a)  The  halting  problem  —  to  decide  whether  a  given  schema  in  the 
class  halts  on  every  interpretation. 

(b)  The  divergence  problem  —  to  decide  whether  a  given  schema  in  the 
class  diverges  on  every  interpretation. 

(c)  The  equivalence  problem  —  to  decide  whether  two  schemas  are 
equivalent  (decide  if  S1  ?:  S2  )  . 

(d) The inclusion problem -- given two schemas S1 and S2 to decide
whether it is true that for every interpretation either both schemas
halt with the same output or S2 diverges (decide if S1 > S2).

(e) The isomorphism problem -- to decide whether two schemas are
isomorphic to each other (decide if S1 ~ S2).

It should be stated that for "conventional" schemas, i.e., all
schemas introduced in the previous chapter, the problems (a)-(e) are in
general unsolvable, but the following problems are partially solvable:

(a)  The  halting  problem  —  to  decide  whether  a  given  schema  in  the 
class  halts  on  every  interpretation. 

(b') The nondivergence problem -- to decide whether a given schema
ever halts.

(e')  The  nonisomorphism  problem  —  to  decide  if  two  schemas  are  not 
isomorphic  to  each  other. 

The  notable  exceptions  are  the  equivalence  and  inclusion  problems. 

In general, the equivalence and inclusion problems as well as their
negations are all not partially solvable.

A class of schemas is said to be solvable if its decision problems
(a)-(e) are solvable; similarly, a class is unsolvable if its decision
problems (a)-(c) are unsolvable. Of course, some classes may be neither
solvable, nor unsolvable.

The class of Ianov schemas, which consists of one-variable flowchart
schemas using only monadic functions and predicates and no resets, is
solvable. However, even very simple classes of two-variable schemas are
unsolvable. For example, the class of schemas with one constant a, one
other function symbol f, one predicate p, and statements of the forms:

(1) START <y1,y2> ← <a,a>

(2) HALT(a)

(3) LOOP

(4) y_i ← f(y_i)

(5) if p(y_i) then goto L1 else goto L2

is  unsolvable.  For  this  reason,  in  this  chapter  we  will  almost  exclusively 
consider  schemas  with  only  one  variable  to  determine  how  large  a  class  can 
be  constructed  before  it  becomes  unsolvable. 

Also  note  that  for  solvability  considerations  the  use  of  boolean 
variables  is  irrelevant  as  they  can  be  eliminated.  Hence  we  will  only 
consider  schemas  without  boolean  variables . 

In  Section  3.2  we  consider  uninterpreted  one-variable  flowchart 
schemas  in  which  equality  tests  are  allowed.  In  view  of  the  fact  that 
all  decision  problems  for  uninterpreted  one -variable  schemas  without 
equality  tests  are  solvable,  it  may  be  somewhat  unexpected  that  the  class 
of  one-variable  schemas  with  general  equality  tests  is  unsolvable.  But 
we show that if only some restricted equality tests are allowed the
resulting  classes  are  solvable. 
In Section 3.3 we consider some semi-interpreted schemas, in
particular, those obtained when (a) two unary functions are specified
to commute, and (b) when some unary function is invertible, i.e.,
composition of the function with its inverse is the identity function.

We find that with commutativity or invertibility alone, the decision
problems are solvable, but if both are allowed, they become unsolvable.


3.2 Equality Tests
3.2.1  Notation 

We  consider  flowchart  schemas  with  a  single  variable  y  ,  and  we 
use  the  symbols 

(1) a, a1, a2, ... to represent individual constants (or zero-ary
functions, if you will),

(2) f, f1, f2, ... to represent n-ary functions (n > 1), and

(3) p, p1, p2, ... to represent n-ary predicates (n > 0).

We use the notation τ() to represent a constant term, i.e., a term
not containing the variable y, and τ, τ(y) to represent an arbitrary
term.

The assignment depth ||τ(y)|| of a term τ(y) is defined as follows:

||τ()|| = 0,
||y|| = 0,
||f_i(τ1,...,τr)|| = max{||τ1||,...,||τr||} + 1, where at least one of the
τi's is nonconstant.

The depth |τ| of a term τ is the maximum depth of nesting in
the term, and is defined by:

|a_i| = 0,
|y| = 0,
|f_i(τ1,...,τr)| = max{|τ1|,...,|τr|} + 1.

We also say that |τ| is the depth of nesting of τ.

Note that for nonconstant monadic terms τ, ||τ|| = |τ|, but in general
||τ|| ≤ |τ|. For example, ||f(g(a),y)|| = 1, but |f(g(a),y)| = 2.

3.2.2  Solvable  Classes 

Consider the rather general class C1 of flowchart schemas with
one variable. Schemas in C1 contain the following statement types
(L1 and L2 are arbitrary labels in the definitions below):

Start statement: START y ← a_i

Final statements: HALT(τ) or LOOP

Assignment statement: y ← τ

Predicate-test statement: if p_i(τ1,...,τn) then goto L1 else goto L2

Equality-test statement: if τ1 = τ2 then goto L1 else goto L2

The equality tests allowed must, however, satisfy the condition that
either τ1 or τ2 is a constant term, or else there exist terms
τ1'(y), τ2'(y) such that both ||τ1'(y)|| and ||τ2'(y)|| are less than or
equal to 1, and τ1 and τ2 are of the forms τ1'(τ) and τ2'(τ)
respectively for some term τ. Note: τ1'(τ) is a term obtained from
τ1'(y) by substituting all occurrences of y simultaneously by τ;
and similarly for τ2'(τ). Note also, that as a special case of this
condition, tests of the form τ1 = τ2 with both ||τ1||, ||τ2|| ≤ 1 are
allowed (simply by choosing τ to be the term y itself). Another
example of a test that is allowed by this condition: f(τ) = τ, where f
is some unary function and τ is an arbitrary term -- this is allowed
because we can choose τ1' to be f(y) and τ2' to be y.

Theorem 3.1 (Solvability of C1)

The class C1 is solvable, i.e., for C1:

(a)  the  halting  problem  is  solvable; 

(b)  the  divergence  problem  is  solvable; 

(c)  the  equivalence  problem  is  solvable; 

(d)  the  inclusion  problem  is  solvable; 

(e)  the  isomorphism  problem  is  solvable. 

This theorem includes as special cases the results of Ianov [1960],
Rutledge [1964], and also recent extensions by Pnueli [private communication],
and Garland and Luckham [1971]. The proof is presented in Section 3.2.4.

As  a  special  case  of  this  theorem,  the  class  of  all  one-variable 
schemas  without  equality  tests,  £(  1  var)  ,  is  solvable. 

As  another  special  case,  the  class  of  one-variable  monadic  schemas 
allowing  resets,  and  equality  tests  of  the  forms: 

τ1() = τ2, y = f_i(y), and f_i(y) = f_j(y)

is  solvable. 




Consider, next, the class C2 of schemas, similar to the class C1
but with a change in the form of equality tests allowed, viz., the
equality test statements allowed are of the form:

if τ1 = τ2 then goto L1 else goto L2,

but this time the restriction is that either τ1 or τ2 is a constant
term, or else ||τ1|| = ||τ2||.

Theorem 3.2 (Solvability of C2)

The class C2 is solvable.

As a special case, the class of one-variable monadic schemas
allowing resets and equality tests of the forms:

τ1(y) = τ2(), or τ1 = τ2 where |τ1| = |τ2|

is solvable.


3.2.3  Unsolvable  Classes 

It  should  well  be  asked  why  we  have  the  "strange"  restrictions  on 
the  form  of  equality  tests  above.  The  answer  is  that  even  slight 
generalizations  of  the  restrictions  above  yield,  astonishingly,  classes 
whose  problems  are  unsolvable.  We  demonstrate  this  on  two  classes. 

Consider the class C3 consisting of one variable y, one
constant a, no predicates and only monadic function constants.
Statements in schemas of C3 are of the forms:

Start statement: START y ← a

Final statements: HALT(a) or LOOP

Assignment statement: y ← f_i(y)

Equality-test statement: if f_i(y) = f_j(f_k(y)) then goto L1 else goto L2

C3 differs from C1 in that terms of assignment depth two are
effectively used in equality tests; and it differs from C2 in that
terms tested for equality do not have the same assignment depth.
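As an added illustration (not code from the thesis), the Python sketch below implements the two depth measures of Section 3.2.1 and checks an equality test against the restrictions stated for Theorems 3.1 and 3.2. The term encoding, the sample tests and every name in it (app, nest, inner_terms, allowed_31, allowed_32, classify) are assumptions of this example.

```python
from dataclasses import dataclass
from typing import Tuple, Union


@dataclass(frozen=True)
class Var:
    """The single program variable y."""


@dataclass(frozen=True)
class App:
    """Application fn(args); with no args it is an individual constant."""
    fn: str
    args: Tuple["Term", ...] = ()


Term = Union[Var, App]
Y = Var()


def app(fn, *args):
    return App(fn, tuple(args))


def nest(fns, t):
    """nest("fg", t) builds the monadic term f(g(t))."""
    for fn in reversed(fns):
        t = app(fn, t)
    return t


def is_constant(t):
    """A constant term contains no occurrence of y."""
    return isinstance(t, App) and all(is_constant(x) for x in t.args)


def depth(t):
    """|t|: depth of nesting, with |a_i| = |y| = 0."""
    if isinstance(t, Var) or not t.args:
        return 0
    return 1 + max(depth(x) for x in t.args)


def assignment_depth(t):
    """||t||: like depth, but every constant subterm counts as 0."""
    if isinstance(t, Var) or is_constant(t):
        return 0
    return 1 + max(assignment_depth(x) for x in t.args)


def inner_terms(t):
    """All tau with t = t'(tau) for some t'(y) of assignment depth <= 1.

    t' = y gives tau = t. Otherwise t' = f(...) whose arguments are y or
    constants, so all nonconstant arguments of t must be one and the same tau.
    """
    found = {t}
    if isinstance(t, App):
        nonconstant = {x for x in t.args if not is_constant(x)}
        if len(nonconstant) == 1:
            found |= nonconstant
    return found


def allowed_31(t1, t2):
    """Restriction of Theorem 3.1: one side constant, or a common inner term."""
    if is_constant(t1) or is_constant(t2):
        return True
    return bool(inner_terms(t1) & inner_terms(t2))


def allowed_32(t1, t2):
    """Restriction of Theorem 3.2: one side constant, or equal assignment depth."""
    if is_constant(t1) or is_constant(t2):
        return True
    return assignment_depth(t1) == assignment_depth(t2)


a = app("a")
tau = nest("gh", Y)
# Constructed sample tests (left side, right side), not taken from the thesis.
SAMPLES = {
    "f(y) = g(y)": (nest("f", Y), nest("g", Y)),
    "f(tau) = tau with tau = g(h(y))": (app("f", tau), tau),
    "fi(y) = fj(fk(y))": (app("fi", Y), app("fj", app("fk", Y))),
    "f(f(f(f(y)))) = f(f(f(g(y))))": (nest("ffff", Y), nest("fffg", Y)),
    "y = g(a)": (Y, app("g", a)),
}


def classify(samples=SAMPLES):
    """Map each sample test to (allowed under 3.1, allowed under 3.2)."""
    return {name: (allowed_31(l, r), allowed_32(l, r))
            for name, (l, r) in samples.items()}


if __name__ == "__main__":
    for name, verdict in classify().items():
        print(f"{name:35} 3.1: {verdict[0]!s:5} 3.2: {verdict[1]}")
```

The third sample has the shape of the equality test used in the unsolvable class defined just above, and it is rejected by both restrictions.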


Theorem 3.3 (Unsolvability of C3)

The class C3 is unsolvable, i.e., for C3:

(a) the halting problem is unsolvable;

(b) the divergence problem is not partially solvable;

(c) the equivalence problem is not partially solvable;

(d) the inclusion problem is not partially solvable;

(e) the isomorphism problem is not partially solvable.

For the sake of completeness we should mention that the non-equivalence
and the non-inclusion problems for this class too are not
partially solvable. Of course, the halting, non-divergence and
non-isomorphism problems are partially solvable, which follows from the
general result mentioned in Section 3.1. For the proof, see Section 3.2.4.

We introduce, next, the class C4 of one-variable monadic schemas
similar to C3 but with the difference that equality tests allowed have
the following form:

if y = τ then goto L1 else goto L2

where τ may have any of the forms:
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^(y)  > 

Theorem 3.4 (Unsolvability of C4)

The class C4 is unsolvable.

Classes C1 and C2 are solvable, whereas C3 and C4 are
unsolvable.  On  comparing  these  classes  it  is  clear  that  there  is  a 
very  sharp  demarcation  between  classes  of  one-variable  schemas  that  are 
solvable,  and  those  that  are  unsolvable,  depending  on  the  form  of 
equality  tests  allowed.  It  should  perhaps  be  asked  how  many  function 
symbols  suffice  to  render  a  class  unsolvable.  It  can  be  shown,  for 
example,  that  for  the  class  ,  merely  four  functions  are  sufficient. 
It  is  more  interesting  to  note,  however,  that  these  function  symbols  can 
be "coded" using only two function symbols so that schemas with one
variable, two functions and general equality tests, i.e., tests of the
form τ1(y) = τ2(y), are unsolvable. Note: the number of functions

does  not  include  the  ever-present  constant  (or  zero-ary  function)  a  . 

So  far  we  have  restricted  our  consideration  to  schemas  that  have 
only  one  variable.  The  reason  is  obvious:  one-variable  schemas  provide 
the  most  interesting  solvable  classes.  When  more  variables  are  allowed, 
even  a  very  few  features  tend  to  make  the  schemas  unsolvable.  For 
example,  schemas  with  two  variables,  two  functions  and  tests  only  of 
the form y_i = f(y_j) are unsolvable.

It is even more interesting, though probably not surprising, that
schemas with a single function too are unsolvable; for example, the class
of one function schemas having tests only of the form y_i = y_j is
unsolvable (four variables suffice in this case).

The  proofs  of  these  secondary  results  are  also  presented  in 
Section  3.2.4. 
3.2.4 Proofs for Schemas with Equality

3.2.4.1 Proof of Theorem 3.1 (Solvability of C1)

For convenience, in this proof we change our notation for terms
very slightly: τ stands for an arbitrary term and τ() stands for a
constant term as before, but τ(y) represents a non-constant term.

3.1(a)-(c) The solvability of the halting, divergence and
equivalence problems follows from the solvability of inclusion:

(a) Given a schema S of C1, S halts if and only if S' > H where
H represents the schema START; HALT(a) that always halts with
output a, and S' is the schema S with all halt statements
changed to HALT(a).

(b) Given a schema S of C1, S diverges if and only if L > S,
where L represents the schema START; LOOP that always loops.

(c) Given two schemas S1 and S2 of C1, S1 ≡ S2 if and only if
S1 > S2 and S2 > S1.

3.1(d) To show the solvability of the inclusion problem we will
first present a proof for schemas in C1 using only monadic functions
and predicates, and then indicate how it may be extended to include
non-monadic functions and predicates as well.

We first describe classes of canonical interpretations that play a
role for the monadic schemas in C1 similar to the role of Herbrand
interpretations for Herbrand schemas (see Theorem 2.1.2).

For  any  integer  k  >  0  ,  we  describe  the  class  of  interpretations 
sS,  (over  a  set  of  monadic  functions  and  predicates)  as  follows.  The 
elements of the domain of an interpretation I in this class are equivalence
classes of constant terms. However, each constant term need not be
present in some equivalence class. First, consider the set of terms
τ() such that |τ()| < k. Equivalence classes may consist of arbitrary
non-overlapping subsets of these terms as long as substitutivity relations
are preserved. For example, if k > 3, and f(g(a1)), f(a2) are in
the same equivalence class, then f(f(g(a1))), f(f(a2)) must together
be in some class, as must g(f(g(a1))), g(f(a2)), but g(a1), a2 may
be in different classes. All constant terms τ(), with |τ()| < k
are in some equivalence class, and these are called the initial elements
of Dom(I). We will rank the terms in an equivalence class first by
depth, and then by (some) lexicographic order, and choose the smallest
as the representative of the class. We denote a class by [τ()] where
τ() is the representative. Also, if τ() is any element in a class,
not necessarily its representative, we use {τ()} to denote the class.
Since the equivalence classes will be non-overlapping, these notations
make sense.

Functions are defined on the initial elements in the obvious way.
If |τ()| < k then f([τ()]) = [f(τ())]. If all initial elements are
of the form [τ()] with |τ()| < k, then there are no other elements
in Dom(I). Otherwise, if [τ()] is an element of Dom(I), |τ()| > k,
then new equivalence classes may consist of terms from the set
{f(τ()) | f is a unary function symbol}, and for any function symbol f,
if there is a class, of which f(τ()) is an element, then
f([τ()]) = {f(τ())}, otherwise f([τ()]) is either [τ()], or some
initial element.

All predicates on Dom(I) are arbitrary.

This  defines  the  class  of  interpretations  j  . 

K 

Now, given an arbitrary interpretation I', we define the
corresponding interpretation I in this class (notation I' → I) in the
obvious way. Two terms are in the same equivalence class (in I) only
if their corresponding values are equal (but the converse is not
necessary). We have, in addition, the following rules:

(1) For any τ1(), τ2(), such that |τ1()| < k, |τ2()| < k, the
two terms are in the same equivalence class in I if and only if
their values are equal in I'.

(2) If [τ()], [τ'()] are classes in I such that |τ()| > k,
|τ'()| < k, then if the values of f(τ()) and τ'() are equal
in I' then f([τ()]) = [τ'()] in I.

(3) If [τ()] is a class in I, and τ() and f(τ()) are equal
in I' then f([τ()]) = [τ()] in I.

(4) If [τ()] is a class in I such that in I', the value of
f(τ()) equals the value of g(τ()), and f(τ()) does not equal
τ'(), for any τ'() with |τ'()| < k, then in I the terms
f(τ()) and g(τ()) are in the same equivalence class.

(5) If [τ()] is a class in I, then p([τ()]) is true in I if
and only if p(τ()) is true in I'.

By the construction of interpretations in this class, this describes a unique I
corresponding to I', and a homomorphism θ from I onto the reachable
elements (i.e., elements that can be represented as constant terms)
of I'.

Lemma. Given any monadic schema S ∈ C1, and an integer k such that
for every term τ used in S, |τ| < k, then for any interpretation
I' for S, if I' → I and θ is the homomorphism θ: I → I', then

(1) Path(S,I') = Path(S,I), and

(2) Val(S,I') = θ(Val(S,I)) if both are defined.

Proof: The lemma follows by induction on the number of steps in the
simultaneous computation of S on I' and on I with the induction
hypothesis that after n steps, the paths are the same and the values
of the variable y in the two computations are related by θ.

It follows from this lemma that to prove halting, divergence,
equivalence, isomorphism or freedom, it suffices to prove these for
the canonical interpretations (for appropriate k) because if the outputs
of two schemas on an interpretation I' are distinct, they are also
distinct on the corresponding interpretation I.

This  result  (for  inclusion  and  isomorphism)  is  used  throughout  in 
the  proof  below,  where  whenever  we  say  "an  interpretation",  we  mean  an 

interpretation  from  the  class  j  . 

k 
Given two monadic schemas, change all assignment statements
y ← τ(y) so that the only kinds of assignment statements are of the
form y ← f_i(y) or y ← a_i, and halts are of the form HALT(y). Let
the resulting schemas be called S1, S2. To explain the algorithm
for deciding whether or not S1 > S2, we first introduce the concept
of a state vector.

Given an interpretation for the schemas and a value for
the variable y, we define the specification state of the variable y
to mean the true/false values of all predicate and equality tests
the schema(s) could possibly make without changing the value of the
variable y. To make this notion concrete, let k be the maximum
depth of any term used in the schemas S1 and S2. Given a value
[τ()] for y, the specification state of y includes the following:

(1) the description of all initial elements and all equivalence classes
of the form [τ'(τ())] where |τ'(y)| < k;

(2) the values of all terms τ'(y) where |τ'(y)| < k; and

(3) the values of all atomic formulas p(τ'(y)) for all p, and
|τ'(y)| < k.

We define the incomplete specification state like the specification
state except that k is replaced by k-1 in the definition above. We
define the state vector of the variable y to be the incomplete
specification state as well as the current statement just executed.

Now, given the two schemas S1 and S2 we construct a finite state
automaton which effectively simulates the computations of S1 and S2
in parallel. The input tape represents an interpretation (from the class
of canonical interpretations) for the schemas S1, S2, appropriately coded.
The automaton accepts the input tape unless either (i) both schemas halt
with different outputs, or (ii) S2 halts and S1 either loops or can be
made to diverge. The finite automaton can detect the latter case (for the
appropriate input tape) because the "principal instance" of the second
schema will enter the same state vector twice after the first schema has
halted. Now, the finite state automaton accepts all input tapes if and
only if S1 > S2.

The description of the automaton and the input tape follows. The
automaton effectively simulates the computations of the schemas by
running the computations for a (large) number of instances of the
variable y in parallel. For each assignment statement in the schemas
and each constant term τ(), where |τ()| < k, there is an instance
of y which indicates the computation as would be executed starting
just after that statement and with the variable y set to value of τ().
In addition, there is a principal instance for each schema. It corresponds
to the start statement and the initial value of y, i.e., it corresponds
to the "real" computation of the schema. As the automaton steps through
the two schemas (as determined by its input tape) the automaton keeps
track of a finite amount of bookkeeping information, viz., the various
instances that have equal values, the various instances that halt or
loop forever, and, of course, the state vectors for instances that have
not halted or looped up to that point (called active instances).

In addition, the automaton remembers the initializing character
(explained below), and if S2 has halted, then it also keeps track of
the set of state vectors of the principal instance of S1 subsequent
to the halting of S2.

The first character of the input tape is a special character
called the initializing character. It describes all elements of the
form [τ()], where |τ()| < 2k-1, and gives the values of all terms
τ(), and all atomic formulas like p(τ()), where |τ()| < 2k-1.

With this amount of information the automaton can simulate the execution
of all instances of y so that for each instance either it halts or loops or
reaches a value [τ()] such that |τ()| = k.

All subsequent characters on the input tape are called updating
characters. If m is the number of instances in S1 and S2, and
we let X denote the finite set of specification states, then an
updating character is an element of X^m. In other words, one updating
character provides the following information for each instance in both
schemas:

(1) the description of all "new" equivalence classes, i.e., for all
classes [τ(y)], |τ(y)| = k-1, and all function symbols f,
the description of equivalence classes amongst the terms of the
form f_i(τ(y));

(2) the values of all terms τ(y), |τ(y)| = k; and

(3) the values of all atomic formulas p_i(τ(y)), |τ(y)| = k.

When  an  updating  character  is  read,  the  automaton  already  has  an  incomplete 
specification  state  for  each  instance.  If  for  any  active  instance,  the 
information  given  by  the  updating  character  fails  to  match  the  incomplete 
specification  state  for  that  instance  (and  the  information  of  the 
initializing  character),  the  automaton  detects  the  tape  as  representing 
an  infeasible  interpretation.  Whenever  any  infeasible  interpretation  is 
detected,  the  input  tape  is  accepted.  Further,  the  automaton  checks  that 
the  "updates"  are  equal  for  instances  known  to  have  equal  values  -- 
otherwise the interpretation is infeasible. If the updating character
passes these "feasibility" tests the automaton then steps each active
instance through the schema in which that instance occurs. The following
cases are possible:

(1) The next statement is a HALT or a LOOP statement -- record it.
The instance becomes inactive, but all instances that become inactive
by halting with this value are remembered in the finite memory.

(2) The next statement is a test statement -- the outcome is known,
hence continue the process (check for a loop).

(3) The next statement is y ← a_i -- the instance becomes identical
with the instance that started from this statement with value a_i
(check for a loop).

(4) The next statement is y ← f_i(y) --

(a) If y = f_i(y) then y is unchanged -- continue the process,
checking for a loop.

(b) y ≠ f_i(y), f_i(y) = τ() with |τ()| < k -- the instance
becomes identical with the instance that started from this
statement with value τ().

(c) y ≠ f_i(y), f_i(y) ≠ τ() for all τ() such that |τ()| < k --
the process stops.

The automaton continues reading input characters until either both S1
and S2 halt or loop, or until S2 loops (while S1 is still active).
If, however, S2 halts and S1 is still active, all state vectors for
the principal instance of S1 are remembered and if it ever loops or
repeats a state the input tape is rejected.
The reason that this specification state approach works with
limited equality tests is that the finite specification state carries
sufficient information to allow it to be updated such that all feasible
updates represent feasible interpretations. The converse, that for
every feasible interpretation there is a feasible update at each step,
is trivial. This is not true for general equality tests, e.g., in the
classes C3 and C4 if a specification state were to carry all information
necessary to update it, the amount of information would grow
without bound as the computation proceeded.

To generalize to non-monadic schemas in C1, we describe the
canonical interpretations similar to those for monadic schemas.

The elements of the domain are, as before, equivalence classes
over terms. There is, however, a special element denoted by [A].
This corresponds to terms that cannot be built up. For any interpretation
in this class, the value of all functions having [A] as any argument is [A];
and the value of all predicates having [A] as any argument is (arbitrarily)
true. We now describe the other elements in Dom(I). The "initial
elements" are the equivalence classes over all terms τ() where |τ()| < k
satisfying substitutivity, of course. As before, we rank terms first
by |τ()|, and then by (some) lexicographic order, and we use the
notations [τ()] and {τ()} as before.

Functions over initial elements are defined as follows. If all
|τ1()|,...,|τr()| < k, then f([τ1()],...,[τr()]) = {f(τ1(),...,τr())},
where f is an r-ary function. If [τ()] is in Dom(I), |τ()| > k,
then new equivalence classes may consist of terms from the set T of
terms τ'(τ()) where τ'(y) is a non-constant term with |τ'(y)| < k,
as follows:

(1) Let T1 ⊂ T be the set of terms τ'(τ()) where ||τ'(y)|| = 1,
and where τ'(y) is (non-constant and) of the form f(τ1,...,τr)
where for each i, either τi is simply y or else τi is a
constant term and [τi] is an initial element. Then equivalence
classes on T1 are arbitrary, and we define the value of
f([τ1],...,[τr]) to be* {f(τ1,...,τr)} if such a class exists,
otherwise it is either [τ()] or some initial element.

(2) Let T2 ⊂ T be the set of terms τ'(τ()) where ||τ'(y)|| = 2,
τ'(y) is of the form f(τ1,...,τr) where for each i, [τi] is
an equivalence class (at least for some i, ||τi|| = 1) and there

exist  non-constant  for  which  Ti  £  .  Then  for  each 

term τ'(τ()) ∈ T2 there is a class [τ'(τ())] consisting of just
the singleton, and the value of f([τ1],...,[τr]) is defined to be
this element.

(3) T3, ... may generate additional new elements in a manner similar
to (2) above.

All function applications not specified above have value [A], and
all predicates taking arguments from Dom(I)-[A] are arbitrary.

This  defines  the  class  of  interpretations  Sk  ,  and  for  monadic 
functions  and  predicates  it  is  the  same  as  the  earlier  class  $ 

k 

introduced  (except  for  the  unreachable  element  [A]). 

* With a little corrupted notation we have allowed [y] to stand for
[τ()] where τ() is the value of y, and we continue to use y and
τ() interchangeably.

Now, given an arbitrary interpretation I', we obtain the
corresponding canonical interpretation I (I' → I) as before, having the
property that there is a surjection θ: Dom(I)-[A] → D that preserves the
values of predicates and functions. Here, D is the set of k-reachable
elements in Dom(I') which is defined to be the set of elements in Dom(I')
corresponding to the terms τ() that can be built up by assignments:

y  -  ;  y  -  T2(y)  >  ‘ '  *  ’  y  -  Tn(y)  >  where  for  all  i  ,  ItJ  <  k  . 

The desired lemma can then be proved, that is, if every term τ used
in S ∈ C1 has depth at most k, then if I' → I then
Path(S,I') = Path(S,I), and Val(S,I') = θ(Val(S,I)). The rest of
the proof is almost identical to the proof above, except that we cannot
impose that all instances can be simulated exactly in step, but some
instances may get up to a bounded number (k-1) of steps ahead of
others -- but this is no problem, the automaton simply remembers these
relationships, and always updates those (active) instances lagging behind.

This completes the proof of inclusion. But before the reader starts
sharpening his pencil to write a program for proving the equivalence of
programs by this method, a note of caution seems to be in order. The size
of the automaton grows quite rapidly with the size of the input schemas.
Perhaps the verb "explode" would be more appropriate. To decide if
S1 > S2 where both S1, S2 are the trivial schema

START y ← a; HALT(y)

the automaton is trivial. But if we add an assignment statement and
change the schema to

START y ← a;
while p(y) do y ← f(y);
HALT(y)

then the automaton (in a brute force construction) has some 50 billion
states and an alphabet of size 500 million. Of course, large improvements
are possible to make the decision procedure feasible in practice by
more careful definitions of canonical interpretations, specification
states, and the automaton construction (e.g. if the automaton merely
counts the number of steps of S1 after S2 halts, instead of keeping
track of all state vectors entered), but that is not our purpose in the
proof.

3.1(e) The proof of isomorphism is similar to the proof of inclusion,
except  that  the  automaton  not  only  keeps  track  of  which  instances  are 
equal  in  value  at  each  step,  but  also  which  equal  instances  have  an 
isomorphic  history.  The  automaton  can  then  detect  if  for  any  input 
tape  the  computations  of  the  two  schemas  are  not  isomorphic. 

3.2.4.2 Proof of Theorem 3.2 (Solvability of C2)

The  proof  of  Theorem  3.2  is  somewhat  similar  to  that  for  Theorem  3.1, 
but  the  canonical  interpretations  and  the  automaton  to  be  constructed 
have  to  be  a  little  more  general.  Intuitively,  the  reason  for  this  is 
the following. For schemas in the class C1, if two instances "diverge"
in their values, then from that point onwards their predicate and
equality tests are independent of each other. Not so for schemas in .
For a schema in C2, two instances may diverge and then come together
again, for example, the following may happen. We denote two instances
by y1 and y2; then say, both are equal, and one, say y1, tests
f(f(f(f(y1)))) = f(f(f(g(y1)))), and it is true. Then y1 applies
y1 ← f(y1) and y2 applies y2 ← g(y2), namely, they diverge. But
they can converge again if the function f is applied three times to
each.
We will demonstrate a quick proof for the inclusion problem. The
solvability  of  halting,  divergence  and  equivalence  follow  from  this,  and 
isomorphism  can  be  shown  to  be  solvable  in  much  the  same  way. 

Given (monadic or non-monadic) schemas to decide if
S1 ≥ S2 we describe the canonical interpretations for S1, S2. Let
k be the maximum depth of any term used in or in .. We define
the effective assignment depth ||t()|| of constant terms t() as
follows:

||t()|| = if |t()| < k then 0 else |t()| − k.

The  canonical  interpretations  ,9.  are  defined  as  follows.  The  domain 
of an interpretation I ∈ J_K is equivalence classes over all constant
terms, but all elements of an equivalence class must have the same effective
assignment  depth,  and  equivalence  classes  must  satisfy  substitutivity . 

The  values  of  functions  are  defined  in  the  obvious  way,  that  is, 
f([T1],...,[Tr]) is [f(T1,...,Tr)] if such a class exists, otherwise
it  is  some  initial  element;  and  the  predicates  are  arbitrary.  It  is  to 
be  noted  that  all  equivalence  classes  are  finite,  but  unbounded,  i.e., 
the  input  tape  of  the  automaton  to  be  constructed  cannot  specify  the 
entire  description  of  the  elements,  but  that  will  not  be  necessary. 

The  automaton  simulates  the  computation  of  all  instances  in 
parallel  keeping  a  total  specification  state  instead  of  specification 
states  for  each  instance.  Let  Y  =  1  denote  the  set  of  all 

instances. The total specification state contains the following:

(1) a map D: Y → {0, 1, ..., k-1}^m giving the relative effective
assignment depths of all instances (at least one of which is zero),

(2) the values of all: T1(yi) = T2(yj), where T1(y), T2(y) are
non-constant terms, and ||T1(y)|| + D(yi) = ||T2(y)|| + D(yj) < k,
i.e., the effective assignment depths of both T1(yi) and T2(yj)
are the same (because we will have that the values of yi, yj have
depth > k),

(3) the values of all: T1(yi) = T2(), where ||T1(y)|| + D(yi) < k,
|T2()| < k, and

(4) the values of all p(T1,...,Tr) where T1,...,Tr are all terms
on some yi (or constant), and for non-constant Tj,
||Tj|| + D(yi) < k, and for constant Tj, |Tj| < k.

The  rest  of  the  execution  of  the  automaton,  i.e.,  the  initialization, 
updating,  simulation  and  halting,  is  on  the  lines  of  the  earlier  proof. 


3.2.4.3 Proof of Theorem 3.3 (Unsolvability of C3)

3.3(a), (b) We define a class of schemas having two variables
y1 and y2, and whose statements consist of the following:

Start statement: START ⟨y1,y2⟩ ← ⟨a,a⟩

Final statements: HALT(a) or LOOP

Test statement: yi ← f(yi);
if p(yi) then goto Lj else goto Lk;

It  was  shown  by  Luckham,  Park  and  Paterson  [1970]  that  the  halting 
problem  for  the  class  is  unsolvable,  and  that  the  divergence  problem 

is  not  partially  solvable. 
To show the halting problem for to be unsolvable we reduce
the halting problem for C5 to that for C3; that is, we describe an
algorithm that takes any schema S5 in the class as input and
yields a schema in the class such that halts if and only
if S5 halts. Similarly, to show that the divergence problem for
is not partially solvable we describe an algorithm that takes S5 as
input and yields as output a schema S3'' in the class such that
S3'' diverges if and only if S5 diverges. We will unify the construction
for the two cases by constructing for both cases a schema S3 in the
class but augmented with a special final statement called the
reject statement:

REJECT  statement:  REJECT  . 


The reject statement signifies that the interpretation is unacceptable
and is rejected. The idea is the following. There exists a map from
interpretations of S3 that are not rejected onto the interpretations
of S5 such that the computation for S3 under an interpretation halts
if and only if the computation for under the corresponding
interpretation halts.

Now it is clear that if we replace all reject statements in S3 by
HALT statements to get S3', then S3' halts on every interpretation if
and only if S5 halts on every interpretation. Similarly, if we replace
all reject statements by loop statements to get S3'', then S3''
diverges on every interpretation if and only if S5 diverges on every
interpretation.

Given a schema S5 in C5 we construct the corresponding schema
S3 in C3 (with the addition of REJECT statements) as follows. We use
the variable y of to represent the latest variable tested in ,
i.e., y1 or y2. The function f plays the same role in as
in S5. We use a new function g (called a "test function") and tests
of the form

if p(y) then ... else ...

in S5, will take the form

if g(y) = g(g(y)) then ... else ...

in S3. In addition we use two "control" functions f1 and f2. Their
roles are the following: if y stands for y2 (of ) then f1(y)
will equal the value of f(y1) at that instant in the computation unless,
of course, a reject statement is reached earlier. The role of f2 is
analogous, i.e., if y stands for y1 then f2(y) will equal the
value of f(y2).

The schema S3 simulates a computation of as follows. In
the diagram below the elements a, f(a), f(f(a)), f(f(f(a))) are
represented by contiguous squares from left to right. We superimpose
on this diagram the computations of both and S5. Suppose, at some
instant in the computation of , y1 is at point A, and y2 is
at C, and suppose y1 is being "read". S3 makes certain that the
f2 pointers from the squares scanned point to the right of y2.
Suppose that when y1 reaches point D the schema S5 starts "reading"
from y2. S3 checks that the f1 pointers from the squares scanned
point to the right of D (i.e., to F).

[Diagram not reproduced; surviving label: (S5 reads y2)]


We are now in a position to describe the construction of S3.
Without loss of generality we will assume that in S5 the first test
statement tests the variable y1. S3 will effectively contain two
copies of S5, except, of course, for the start statement. We will
call these copies A and B. We will label statements of S5 by
L1, L2, L3, ... . The corresponding statements in S3 will be labelled
AL1, AL2, BL2, AL3, BL3, ... .

(i) The start statement in S5 is

START ⟨y1,y2⟩ ← ⟨a,a⟩;
goto L1;

The corresponding statements in S3 are:

START y ← a;
if f(y) ≠ f2(y) then REJECT else goto AL1;

Note that the test f(y) ≠ f2(y) is not strictly an allowed
statement. We use this form for clarity: it can really be
"simulated" by the statements:

if f(y) ≠ f1(f1(y)) then REJECT;
if f2(y) ≠ f1(f1(y)) then REJECT else goto AL1;

(ii) For any test statement Li in S5, if Li is of the form:

y1 ← f(y1);
if p(y1) then goto Lj else goto Lk;

the corresponding statements ALi and BLi are:

ALi: if f2(y) ≠ f2(f(y)) then REJECT;
     y ← f(y);
     if g(y) = g(g(y)) then goto ALj else goto ALk;

and

BLi: if f(y) ≠ f1(y) then REJECT;
     y ← f1(y);
     if g(y) = g(g(y)) then goto ALj else goto ALk;

(iii) For any test statement Li in S5 of the form:

y2 ← f(y2);
if p(y2) then goto Lj else goto Lk;

ALi and BLi are similar to the above, except, one has to
interchange f1 with f2 and A with B.

(iv) Halt and loop statements remain unchanged.

This  completes  the  construction. 

The main reason that the schema S3 can simulate the computation
of S5 is that each f1, f2 "pointer" is checked at most once from
each  square.  If  pointers  were  to  be  checked  twice  and  it  turned  out 
that  they  were  required  to  point  to  different  values  there  might  exist 
no  interpretation  satisfying  this  condition  --  the  result  would  be  that 
all  interpretations  of  would  be  rejected. 

3.3(c) The non-partial solvability of the equivalence problem follows
directly from the non-partial solvability of the divergence problem
(part (b)), since a program schema in diverges if and only if it
is equivalent to the schema:

START y ← a;
LOOP.

3.3(d) The non-partial solvability of the inclusion problem follows
immediately from the non-partial solvability of the equivalence problem
since S1 = S2 if and only if S1 ≥ S2 and S2 ≥ S1.

3.3(e) The non-partial solvability of the isomorphism problem also
follows directly from the non-partial solvability of the divergence
problem. Given a schema S in the class , construct a new schema S'
also in C3, obtained by replacing each halt statement in S by the
statements:

y ← f(y);
HALT(a).

Then S and S' are isomorphic if and only if S diverges.
3.2.4.4 Proof of Theorem 3.4 (Unsolvability of C4)

The proof goes along lines quite similar to the proof for Theorem 3.3.

We first define a subset of the class of schemas . Schemas
in C6, like those in C5, have two variables y1 and y2, one
function symbol f, and one predicate symbol p. However, C6 has
the constraint that in any path through a schema of C6, after each
statement that tests the variable y1 there must be either one or two
statements that test y2 (followed by a halt or loop statement or another
test of y1) -- note the form of the test statement of C5 defined in
the proof of Theorem 3.3(a), (b). Each "statement" in C6 (other than
a start, halt, or loop) is a compound statement of any of the following
two forms (labels L, L1, L2, ... are arbitrary):

L:  y1 ← f(y1);
    if p(y1) then
    begin
        y2 ← f(y2); if p(y2) then goto L1 else goto L2
    end
    else
    begin
        y2 ← f(y2); if p(y2) then goto L3 else goto L4
    end;

and

L:  y1 ← f(y1);
    if p(y1) then
    begin
        y2 ← f(y2);
        if p(y2) then
        begin
            y2 ← f(y2); if p(y2) then goto L1 else goto L2
        end
        else
        begin
            y2 ← f(y2); if p(y2) then goto L3 else goto L4
        end
    end
    else
    begin
        ... copy of the above, except exits are L5-L8
    end;

Lemma. The class C6 is unsolvable.

Proof: The proof of unsolvability of C6 is similar to the proof of
the unsolvability of the class . The class C5 is analogous to the
class of two-headed automata. On the other hand, the class C6 corresponds
to a restricted class of two-headed automata in that after each time
head #1 reads a character from a binary alphabet, head #2 reads one or
two characters; then head #1 reads again. Thus it is clear that head #1
can get at most one character ahead of head #2. This restricted
two-headed automaton can simulate a Turing machine computation for an
appropriately  coded  input  tape  as  follows.  The  input  represents  a 
sequence  of  "instantaneous-descriptions"  of  the  Turing  machine  computation, 
but  between  any  two  consecutive  instantaneous  descriptions  are  a  sequence 
of  incomplete  descriptions,  each  one  bit  longer  than  the  previous.  Now, 
on  lines  similar  to  Luckham,  Park  and  Paterson  [1970]  the  restricted 
two-headed  automaton  accepts  an  input  tape  if  and  only  if  it  represents 
the  Turing  machine  computation  alluded  to  above.  The  unsolvability  of 
C6 is now obvious.

Now, given a schema S6 in C6 we construct a schema in
(with reject statements) as follows. This time will have just one
"copy" of S6, but will have six function symbols: f, g, f1, f2, f3, f4.

(i) The start statement in S6 is

START ⟨y1,y2⟩ ← ⟨a,a⟩;
goto L;

The corresponding statement in S4 is:

START y ← a;
if y ≠ f1(y) then REJECT;
goto L;

(ii) The statement in S4 corresponding to a test statement of the
first kind is:

L:  if y ≠ f2(f(f1(y))) then REJECT;
    y ← f(f1(y));    comment: short for y ← f1(y) and y ← f(y)
    begin
        if y ≠ then REJECT;
        y ← f(f2(y));
        if y = g(y) then goto else goto
    end;


(iii) The statement in S4 corresponding to a test statement of the
second kind is:

L:  if y ≠ f2(f(f1(y))) then REJECT;
    y ← f(f1(y));
    if y = g(y) then
    begin
        if y ≠ f^(f(f2(y))) then REJECT;
        y ← f(f2(y));
        if y = g(y) then
        begin
            if y ≠ f^(f3(y)) then REJECT;
            y ← f3(y);
            if y ≠ f1(f(f4(y))) then REJECT;
            y ← f(f4(y));
            if y = g(y) then goto L1 else goto L2
        end
        else
        begin
            if y ≠ f^(f3(y)) then REJECT;
            y ← f3(y);
            if y ≠ f1(f(f4(y))) then REJECT;
            y ← f(f4(y));
            if y = g(y) then goto L3 else goto L4
        end
    end
    else
    begin
        ... as above, but with exits L5-L8
    end;


This proves the unsolvability of 3.4(a), (b), and the parts (c), (d),
and (e) are immediate from these.


3.2.4.5 Proofs of Secondary Results
In  the  following  results  the  number  of  functions  does  not  include 
the  ever  present  zero-ary  function. 

(i)  Schemas  with  one  variable,  two  functions  and  general  equality  tests. 

The  class  of  flowchart  schemas  with  one  variable,  two  functions 
(no  predicates)  and  general  equality  tests  is  unsolvable. 

If  completely  general  equality  tests  are  allowed  it  is  easy  to  see 
that  two  function  constants  suffice  to  render  the  class  of  schemas 
unsolvable because more function letters can be "coded" in terms of two
functions. In the proof of Theorem 3.3 we change the construction of
S3 from S5 somewhat, by making the following substitutions: for all
terms T, simultaneously substitute

    f(f(T)) for f(T),
    f(g(T)) for g(T),
    g(f(T)) for f1(T),
    g(g(T)) for f2(T).


All  the  unsolvability  results  go  through  on  making  this  substitution. 
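
The coding above can be checked mechanically. The following Python sketch is an added illustration, not part of the original text: it represents a monadic term as a tuple of function letters (outermost first), applies the substitution, and confirms that distinct terms over f, g, f1, f2 receive distinct codes over f, g. The sample interpretation F(x) = 2x, G(x) = 2x + 1 on the integers is an assumption chosen only for the demonstration.

```python
from itertools import product

# The page's substitution, outermost symbol first:
#   f(T) -> f(f(T)),  g(T) -> f(g(T)),  f1(T) -> g(f(T)),  f2(T) -> g(g(T))
CODE = {"f": ("f", "f"), "g": ("f", "g"), "f1": ("g", "f"), "f2": ("g", "g")}
DECODE = {pair: sym for sym, pair in CODE.items()}


def encode(term):
    """Rewrite a term over f, g, f1, f2 into a term over f, g only."""
    out = []
    for sym in term:
        out.extend(CODE[sym])
    return tuple(out)


def decode(term2):
    """Inverse of encode; None if the term is not a code (odd length)."""
    if len(term2) % 2:
        return None
    pairs = [tuple(term2[i:i + 2]) for i in range(0, len(term2), 2)]
    return tuple(DECODE[p] for p in pairs)


def render(term, var="y"):
    """Print a symbol tuple as nested applications, e.g. f(g(y))."""
    return "".join(s + "(" for s in term) + var + ")" * len(term)


def evaluate(term, funcs, x):
    """Apply the term to x under an interpretation, innermost symbol first."""
    for sym in reversed(term):
        x = funcs[sym](x)
    return x


def compose(outer, inner):
    return lambda x: outer(inner(x))


def derived_functions(F, G):
    """The four function letters as realised by two functions F and G."""
    two = {"f": F, "g": G}
    return {sym: compose(two[a], two[b]) for sym, (a, b) in CODE.items()}


def coding_is_injective(max_depth):
    """Check every term up to max_depth has a unique, decodable code."""
    seen = set()
    for depth in range(max_depth + 1):
        for term in product(CODE, repeat=depth):
            code = encode(term)
            if code in seen or decode(code) != term:
                return False
            seen.add(code)
    return True


# Sample interpretation (an assumption for the demonstration).
F = lambda x: 2 * x
G = lambda x: 2 * x + 1
FOUR = derived_functions(F, G)

if __name__ == "__main__":
    test = (("g",), ("g", "g"))          # the page's test g(y) = g(g(y))
    print(render(encode(test[0])), "=", render(encode(test[1])))
    print("injective up to depth 3:", coding_is_injective(3))
```

Because every letter is coded by a block of exactly two symbols, decoding is unambiguous, which is why the substitution can be made simultaneously in every term.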


(ii) Schemas with two variables, two functions and restricted equality
tests.

The class of flowchart schemas with two variables and two functions
(no predicates) with tests only of the form y. = f(y.) is unsolvable.
Consider the class which is the same as Q, but with the
difference that there are two functions f and g, and no predicate
constant.

Every schema S5 in ^ can be reduced to an equivalent schema
in ^ by replacing every test statement of the form

yi ← f(yi);
if p(yi) then goto Lj else goto Lk

by a test statement of the form

yi ← f(yi);
if yi = g(yi) then goto Lj else goto Lk.

It is easy to see that for any finite or infinite path through , if
there exists an interpretation for which S5 executes statements along
this path, then there is an interpretation for which executes
statements along the corresponding path. This establishes the
unsolvability of the class .

(iii)  Schemas  with  one  function,  restricted  equality  tests. 

Schemas with one function using tests only of the form yi = yj
are unsolvable.

Consider the class of two-counter programs having statements of
the following kinds:

(1) START ⟨c1,c2⟩ ← ⟨0,0⟩

(2) ci ← ci + 1

(3) ci ← ci - 1

(4) if ci = 0 then goto L1 else goto L2

(5) HALT(ci).

Such programs can simulate the computation of a Turing machine on a blank
tape and hence their halting and divergence is unsolvable. Now, given
a two-counter program, we construct a corresponding four-variable schema
with variables y1, y2, y3, y4 such that the schema halts if the
program halts, and the schema diverges if the program does not halt
(note: we will use reject statements as before). The statements
corresponding to (1)-(5) above are

(1) START ⟨y1,y2,y3,y4⟩ ← ⟨a,a,a,a⟩

(2) y3 ← f(yi);
    if y3 = yi then REJECT;
    y4 ← a;
    while y4 ≠ yi do if y4 = y3 then REJECT else y4 ← f(y4);
    yi ← y3;

(3) y3 ← a;
    if y3 ≠ yi then
    begin
    L:  y4 ← f(y4);
        if y4 ≠ yi then begin y3 ← y4; goto L end;
        yi ← y3;
    end

(4) y3 ← a;
    if y3 = yi then goto L1 else goto L2

(5) HALT(a).

This demonstrates the unsolvability of the one-function schemas.

3.3 Commutativity and Invertibility
3.3.1 Introduction

We now consider some classes of semi-interpreted schemas in which
some of the base functions are related. In particular, we consider
one-variable monadic flowchart schemas for which the class of possible
interpretations may be restricted by the following specifications:

(i) two functions may be specified to commute (unary functions f and g
are said to commute if f(g(x)) = g(f(x)) for all x),

(ii) some function is invertible (a function f is invertible if there
exists another function f^-1 such that f(f^-1(x)) = f^-1(f(x)) = x
for all x).
Thus, for a schema S, if f and g are specified to commute,
then all interpretations are not allowed for S; only those
interpretations are allowed that satisfy the formula ∀x f(g(x)) = g(f(x)). For a
consideration of the inclusion, equivalence, and isomorphism problems
for such semi-interpreted schemas we will only relate two schemas if
they are compatible, i.e., they have the same specifications about
commutative and invertible functions.

We show that with either commutativity or invertibility alone,
the decision problems of one-variable schemas remain solvable, but with
both commutativity and invertibility they become unsolvable; we also
relate some of these results to the equivalence problem of multi-dimensional
automata.

All  the  schemas  to  be  described  below  have  a  single  variable  (y) 
and  one  zero-ary  function  a  .  All  other  functions  and  predicates  are 
unary.  Unless  otherwise  specified,  statements  are  of  the  following  types: 

(1) START y ← a

(2) HALT(t)

(3) LOOP

(4) y ← fi(y)

(5) if pi(t) then goto L1 else goto L2

where fi is a unary function, pi is a unary predicate, t(y) is an
arbitrary term that may or may not contain the variable y, and L1
and L2 are arbitrary labels.


3.3.2 Schemas with Commutative and Invertible Functions


Consider the class of monadic flowchart schemas defined as
follows. A schema S in contains one variable y, a zero-ary
function a, and an arbitrary number of unary functions f1, f2, ...
and unary predicates p1, p2, ... . In addition, there is a set E of
pairs of functions {fi, fj} that are specified to commute. Thus, if
{fi, fj} ∈ E then for any interpretation for S and any element x in
the domain of the interpretation we must have fi(fj(x)) = fj(fi(x)).
We refer to as the class of commutative schemas.


Theorem 3.5 (Solvability of )

The class of commutative schemas is solvable, that is, for the
class

(a) the halting problem is solvable,

(b) the divergence problem is solvable,

(c) the equivalence problem is solvable,

(d) the inclusion problem is solvable,

(e) the isomorphism problem is solvable.


For proofs, see Section 3.3.4.

Next, consider the class C2 of monadic flowchart schemas defined
as follows. A schema S in contains one variable y, a zero-ary
function a, and unary functions f^-1, f, f1, ... and unary predicates
..., where f and f^-1 are specified to be inverses, that is,
for any interpretation for S, and any element x in the domain of the
interpretation, we must have f(f^-1(x)) = f^-1(f(x)) = x.


Theorem 3.6 (Solvability of C2)

The class C2 of schemas with an invertible function is solvable.

For the proof, see Section 3.3.4.

Finally, consider the class of schemas that have both the
commutativity and invertibility constraints. We wish to show that the decision
problems for this class are unsolvable. For this, we exhibit the class
of periscopic schemas defined as follows (we call these schemas
"periscopic" schemas because of their obvious relation to periscopic
automata introduced in Section 3.3). A schema S in C3 has one
variable y, one unary predicate p, the zero-ary function a, and
three unary functions f^-1, f, g that are related by:

∀x f(f^-1(x)) = f^-1(f(x)) = x

and

∀x f(g(x)) = g(f(x)).

Note: this also implies that the functions f^-1 and g commute.

Tests in S have either the form p(y) or p(g(y)), and we also
restrict halt statements to have the form HALT(a).

Theorem 3.7 (Unsolvability of )

Periscopic  schemas  are  unsolvable.  In  other  words,  for 

(a)  the  halting  problem  is  unsolvable, 

(b)  the  divergence  problem  is  not  partially  solvable, 

(c)  the  equivalence  problem  is  not  partially  solvable, 

(d)  the  inclusion  problem  is  not  partially  solvable, 

(e)  the  isomorphism  problem  is  not  partially  solvable. 
A question raised by this theorem is whether tests of the form
p(g(y)) are really necessary for making the class unsolvable.
We might ask, for example, whether periscopic schemas without tests
p(g(y)) might be solvable. The next theorem says that this is indeed
the case.

Consider the class C4 of schemas which is like except that
the only tests allowed are of the form p(y).

Theorem 3.8 (Solvability of C4)

The class C4 is solvable.

3.3.3 Application to Finite Automata Theory

From  the  above  solvability  and  unsolvability  results  we  wish  similar 
results  for  finite  automata.  In  general,  the  input  tape  of  the  automata 
we  consider  will  be  an  infinite  n-dimensional  tape  (with  a  root,  or 
origin) .  We  consider  classes  of  automata  by  restricting  the  kinds  of 
input tapes allowed and the possible ways the reading head of the
automaton  can  move.  An  automaton  may  accept  or  reject  its  input  tape, 
or  it  may  run  forever,  in  which  case  the  tape  is  rejected. 

Note  that  for  automata  we  can  consider  the  problems  of  acceptance, 
rejection,  equivalence,  inclusion  and  isomorphism  as  analogous  to  the 
problems  of  halting,  divergence,  equivalence,  inclusion  and  isomorphism 
for schemas. The acceptance (rejection) problem is to decide if an
automaton accepts (rejects) all input tapes, an automaton A1 includes
an automaton A2 if the set of tapes accepted by A1 contains all tapes
accepted by A2, two automata are equivalent if they accept exactly
the same set of input tapes, and two automata are isomorphic if for every
input tape they "visit" and read exactly the same squares of the tape in
the same order. We say that a class of automata is solvable if all
these problems are solvable for the class.

Schemas  in  are  closely  related  to  finite  automata  on 

n-dimensional  infinite  tapes.  An  n-dimensional  automaton  is  a  finite 
state  machine  with  one  reading  head  that  is  initially  at  the  "origin" 
of its n-dimensional infinite tape. The symbols of the tape are from
some finite alphabet Σ. The reading head of the automaton can, however,
move only in the positive direction along any dimension. The automaton
may halt and accept or reject the tape, or it may never halt (in which
case the tape is rejected). We will represent the transition graph of
the automaton by a program which has statements of the following kinds:

(1) L0: START, goto δ(L0, σ)

(2) Li: ACCEPT

(3) Li: REJECT

(4) Li: move(j), goto δ(Li, σ)

where move(j) means "move one step in the j-direction", and δ is a
function from labels and tape symbols to labels — σ stands for the
symbol read from the tape (which is an element of Σ), and no δ(Li, σ)
can ever be the label L0 for the start statement.

From Theorem 3.5 we obtain

Corollary A. The class of n-dimensional automata is solvable.

To show this we construct for every n-dimensional automaton A
a corresponding schema S ∈ C1 (of Theorem 3.5). It will be obvious that
the acceptance, rejection, equivalence, inclusion, and isomorphism
problems for n-dimensional automata are the same as the halting,
divergence, equivalence, inclusion, and isomorphism problems for the
corresponding schemas.

Given an n-dimensional automaton A on Σ = {σ1, ..., σm}, we
construct the corresponding schema S ∈ C1 as follows. S has n unary
functions f1, ..., fn, each pair of which commutes, and (m-1) unary
predicates p1, ..., pm-1. Statements in the automaton A and the
schema S correspond as follows:

    Automaton A                 Schema S

    START                       START y ← a

    Li: ACCEPT                  Li: HALT(a)

    Li: REJECT                  Li: LOOP

    Li: move(j),                Li: y ← fj(y);
        goto δ(Li, σ)               if p1(y) then goto δ(Li, σ1)
                                    else if p2(y) then goto δ(Li, σ2)
                                    ...
                                    else if pm-1(y) then goto δ(Li, σm-1)
                                    else goto δ(Li, σm)

The  head  of  the  automaton  corresponds  to  the  variable  y  of  the  schema, 
the  input  tape  for  A  corresponds  to  the  interpretation  for  S  ,  moving 
the head in direction j corresponds to applying the function fj, and
acceptance or rejection in A corresponds to halting or divergence in S.
Note that for an input tape for A there correspond several interpretations
for S, but it is obvious that the decision problems for the automata
are reduced to those for schemas (see also the canonical
interpretations for in the proof of Theorem 3.5).
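
The correspondence between an n-dimensional automaton and its commutative schema can be run side by side. The Python sketch below is an added illustration, not code from the original text: the two-dimensional automaton, the tapes and all names are constructed for the example, and it assumes the schema's START statement is followed by the same predicate cascade as a move statement, since the automaton's START also reads the symbol at the origin.

```python
ALPHABET = ("0", "1")      # sigma_1, sigma_2 (m = 2); constructed sample
N_DIMS = 2                 # tape dimensions, one commuting function each

# Constructed automaton: move right while reading "0"; on the first "1"
# move up once and accept only if the symbol there is also "1".
STATEMENTS = {"L0": ("START",), "L1": ("MOVE", 0), "L2": ("MOVE", 1),
              "LA": ("ACCEPT",), "LR": ("REJECT",)}
DELTA = {("L0", "0"): "L1", ("L0", "1"): "L2",
         ("L1", "0"): "L1", ("L1", "1"): "L2",
         ("L2", "0"): "LR", ("L2", "1"): "LA"}


def step_in(pos, j):
    """One step in the positive j-direction."""
    return pos[:j] + (pos[j] + 1,) + pos[j + 1:]


def run_automaton(statements, delta, tape, max_steps=1000):
    head, label = (0,) * N_DIMS, "L0"
    for _ in range(max_steps):
        stmt = statements[label]
        if stmt[0] in ("ACCEPT", "REJECT"):
            return stmt[0]
        if stmt[0] == "MOVE":
            head = step_in(head, stmt[1])
        label = delta[(label, tape(head))]
    return "RUNNING"       # no verdict within the bound


def to_schema(statements, delta, alphabet):
    """ACCEPT -> HALT(a), REJECT -> LOOP, move(j) -> y <- f_j(y) + tests."""
    schema = {}
    for label, stmt in statements.items():
        if stmt[0] == "ACCEPT":
            schema[label] = ("HALT",)
        elif stmt[0] == "REJECT":
            schema[label] = ("LOOP",)
        else:
            func = stmt[1] if stmt[0] == "MOVE" else None   # None: y <- a
            tests = [(i, delta[(label, s)])
                     for i, s in enumerate(alphabet[:-1])]   # p_1..p_(m-1)
            schema[label] = ("STEP", func, tests,
                             delta[(label, alphabet[-1])])
    return schema


def interpretation(tape, alphabet, n_dims):
    """Interpretation induced by a tape: elements are coordinate vectors."""
    a = (0,) * n_dims
    f = lambda j, x: step_in(x, j)
    p = lambda i, x: tape(x) == alphabet[i]
    return a, f, p


def run_schema(schema, interp, max_steps=1000):
    a, f, p = interp
    y, label = None, "L0"
    for _ in range(max_steps):
        stmt = schema[label]
        if stmt[0] == "HALT":
            return "HALT"
        if stmt[0] == "LOOP":
            return "DIVERGE"
        _, func, tests, default = stmt
        y = a if func is None else f(func, y)
        label = next((target for i, target in tests if p(i, y)), default)
    return "RUNNING"


def commutes(interp, points, n_dims):
    """Check f_i(f_j(x)) = f_j(f_i(x)) on the given sample points."""
    _, f, _ = interp
    return all(f(i, f(j, x)) == f(j, f(i, x))
               for x in points for i in range(n_dims) for j in range(n_dims))


def make_tape(ones):
    ones = set(ones)
    return lambda pos: "1" if pos in ones else "0"


def outcomes(ones):
    """Verdict of the automaton and of its schema on the same tape."""
    tape = make_tape(ones)
    schema = to_schema(STATEMENTS, DELTA, ALPHABET)
    return (run_automaton(STATEMENTS, DELTA, tape),
            run_schema(schema, interpretation(tape, ALPHABET, N_DIMS)))


if __name__ == "__main__":
    for ones in ({(3, 0), (3, 1)}, {(2, 0)}, set()):
        print(sorted(ones), outcomes(ones))
```

A tape fixes the predicates only at points reachable from the origin, which is one way to see why several interpretations correspond to the same input tape.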

It  is  clear  that  two-way  finite  state  automata  (on  linear  two-way 
infinite tapes) are related to schemas in with unary functions
f^-1, f in the same way as n-dimensional automata are related to
schemas  in  .  It  follows,  then,  that 

Corollary  B.  The  class  of  two-way  automata  on  one-dimensional  infinite 
tapes  is  solvable. 

Of  course,  this  result  is  not  new,  but  we  mention  it  to  show  that 
it  is  derivable  in  a  straightforward  way  from  Theorem  3.6. 

As  we  have  done  for  classes  and  <32  ,  we  describe  a  class  of 

automata  related  to  that  we  call  periscopic  automata.  A  periscopic 
automaton  has  one  head  which  can  move  on  a  two-dimensional  infinite  tape. 
We call the dimensions "horizontal" and "vertical". The head can move
freely in the horizontal direction (i.e., left or right), but vertically
it can move only upwards. However, attached to the head is a little
"periscope" so that the automaton can read the symbol just above the
head without moving the head vertically up. For our purposes it suffices
to take the input alphabet to be of size two (we may say Σ = {T, F}).

The relation between a schema S ∈ C3 and the corresponding periscopic
automaton A is obvious. An interpretation for S corresponds to an
input tape for A, application of the functions f, f^-1 and g in S
correspond to moving the head of A right, left, and up respectively.

It is the test p(g(y)) in S that gives the automaton A its
periscopic vision. It is then easy to see from Theorem 3.7 that

Corollary C. The class of periscopic automata is unsolvable.

It  is  clear  from  this  (and  the  proof  of  the  theorem)  that  if  we 
provide  the  automaton  with  any  kind  of  periscope  at  all,  e.g.,  arbitrarily 
high,  inclined,  or  even  pointing  downwards,  but  not  just  horizontal,  (for 
that  is  equivalent  to  no  periscope  at  all),  then  the  problems  for  the 
automata  all  remain  unsolvable  (and  similarly  for  the  corresponding 
schemas) . 

We  say  a  periscopic  automaton  has  periscopic  vision  if  at  least  in 
one  state  it  tests  the  symbol  at  the  periscope.  An  automaton  without 
periscopic  vision  is  just  an  automaton  that  can  move  left,  right  and  up, 
but  not  down,  and  can  only  look  at  the  symbol  under  its  reading  head. 

Theorem  3.8  shows  that  the  decision  problems  for  such  automata  are 
solvable. 

Corollary D. The class of automata without periscopic vision is
solvable.

3.3.4 Proofs

3.3.4.1 Proof of Theorem 3.5

We first give a proof of the solvability of the inclusion problem
for a subclass of C1 in which any schema contains just two functions
f1 , f2 that commute, and one predicate p for which the only tests
allowed are of the form p(y) , and halt statements have the form
HALT(y) . We will then give the proof of the solvability of C1 ,
which will be on lines similar to the first proof.

Proof for the subclass: We sketch the proof for the inclusion problem.
Given two schemas S1 and S2 of the subclass, to decide if S1 ≤ S2 . Now,
without loss of generality we can assume that both S1 and S2 are free, for
if they are not, they can trivially be made free. We also assume that
from each assignment statement in S1 and S2 , a halt statement can be
reached, for otherwise we can replace such a statement by a loop
statement.

Consider the class of interpretations of the following kind.

The domain of the interpretation is the set of strings
{ F1^i F2^j | i, j ≥ 0 } . The functions a , f1 , f2 are defined as
follows:

a is F1^0 F2^0 = Λ

f1(F1^i F2^j) is F1^(i+1) F2^j

f2(F1^i F2^j) is F1^i F2^(j+1)

The predicate p is arbitrary.
These interpretations play the same role for this class of schemas that
Herbrand interpretations play for Herbrand schemas. If we associate with
any interpretation I' an interpretation I of this class such that
p(F1^i F2^j) is true in I if and only if p(f1^i f2^j(a)) is true in I' , and
consider the homomorphism θ: I → I' mapping F1^i F2^j into the element
f1^i f2^j(a) of I' -- note, by the commutativity of f1 , f2 this map
is onto the reachable elements of I' (that is, elements that can be
expressed as constant terms). Then, if we consider the computation of
a schema S under I and I' , they go through exactly the same
sequence of statements of S , and the values of the variable correspond
(under θ ) at each step.

We can show that S1 ≤ S2 if and only if S1 ≤ S2 for the
interpretations in this class. The "only if" part is trivial. For the "if"
part, suppose S1 ≰ S2 . Then, for some interpretation I' , S1 halts, and
S2 either loops or halts with a different value. Then, if we consider
the computations of S1 and S2 under the interpretation I of this class
corresponding to I' , we see that S1 halts, and S2 either loops or
halts with a different value (by the existence of the homomorphism
θ: I → I' ). Thus S1 ≰ S2 for this set of interpretations.

Now, given two schemas S1 , S2 , to decide if S1 ≤ S2 we decide
if S1 ≤ S2 for this set of interpretations. We construct a finite
state automaton A that simulates the computations of both S1 and S2
(in step) for an interpretation of this class represented by the input
tape of A . The tape consists of two tracks, one for each schema, and
symbols on each track are from the set {T,F} representing the value of
the predicate p applied to the current value of the variable y . It is the
responsibility of the automaton to detect whether or not the tape
represents a feasible interpretation. At any instant in the computations
of S1 and S2 , let the values of the variable y be F1^i1 F2^j1 in S1 , and
F1^i2 F2^j2 in S2 (since the schemas are in step, i1+j1 = i2+j2 ). Let
the count c denote i1-i2 . If the count is zero, the predicate p
must have the same value on both tracks, else the values on the tracks
may be arbitrary. The automaton A accepts an input tape unless S1
halts and S2 does not halt with the same output for the interpretation
represented by the tape. Thus, the inclusion problem is reduced to the
problem of deciding if a finite state automaton accepts all input tapes.
In its finite memory the automaton retains the following data:

(i) the current (assignment) statement executed by S1 , and by S2 ,
and

(ii) the value of the count c provided |c| < min(s1,s2) where s1 , s2
are the number of assignment statements in S1 , S2 .

The  automaton  operates  as  follows: 

(1) Read the input tracks (if the end-of-file is read, accept the tape).
If c = 0 and the tracks read (T,F) or (F,T) then accept the
tape ("impossible" interpretation).

(2) Using the values of p(y) from the tracks, "find" the next
statements (other than test statements) for both schemas.

(3) If the next statement for S1 is a halt statement then reject the
tape unless c = 0 and S2 also halts. If S1 loops then accept
the tape.

(4) If S2 halts or loops on the next statement, reject the tape
because as S1 is free (over interpretations in this class) it can be
made to reach a halt statement -- and it will apply at least one
more function letter, thereby giving a different output from that
of S2 .

(5) (Both next statements are assignment statements.) If S1 executes
y ← f1(y) and S2 executes y ← f2(y) then increment c by 1 ;
if S1 executes y ← f2(y) and S2 executes y ← f1(y) then
decrement c by 1 ; otherwise leave c unchanged. If the new
value of |c| exceeds min(s1, s2) then reject the tape, otherwise,
go to (1).

The reason that the input tape can be rejected if |c| exceeds
min(s1, s2) is that because S1 and S2 are free and "independent"
for the next c steps, they can both reach halt statements without
executing any statement twice (for some interpretation) -- and, of course,
the outputs can be equal only if both reach halts at the same time and
c = 0 , but that is impossible because c changes by at most one in
each step.

This  completes  the  proof  of  the  solvability  of  the  inclusion  problem 
(and  hence  also  of  the  halting,  divergence  and  equivalence  problems) 
for  . 

Proof for C1 . The solvability of halting and divergence is
trivial because schemas in C1 can be made free. This can be done by
making many copies of the schema, one for each partial specification
state (see the notation in 5.2.4). A partial specification state
for schemas in C1 is a mapping from the set of atomic terms p(t)
such that |t| < k , into {true, false, unknown} provided it is
consistent, i.e., it obeys commutativity relations, and if the value
of y is t() , then |t()| > k (for the initial part where |t()| < k ,
computation is done by expanding the schema out as a tree).

The  solvability  of  equivalence  follows  from  the  solvability  of 
inclusion  (below) . 

For the proof of inclusion (S1 ≤ S2) we proceed as before by
constructing an automaton A that accepts its input tape unless S1
halts and S2 does not halt with the same value.

First  we  describe  the  canonical  interpretations  for  the  schemas. 

Given S1 and S2 over unary functions f1,...,fn and predicates
p1,...,pm and a set E of pairs of function symbols that commute, we
define a class of interpretations as follows. We define an
equivalence relation ≡ on strings on Σ = {F1,...,Fn} by the transitive
closure of: x1, x2 ∈ Σ* , x1 ≡ x2 if x1 = x2 , or there exist i, j ≤ n
such that {f_i,f_j} ∈ E and x2 can be obtained from x1 by interchanging
an occurrence of F_i with an adjacent occurrence of F_j . The domain
of an interpretation of this class is the set of equivalence classes of
strings of Σ* (an equivalence class is denoted by [x] where x is a string
in the class). The value of the function constant a is [Λ] , and
functions f1,...,fn are defined in the obvious way, that is

where the dot (.) means the operation of concatenation, and the
predicates p1,...,pm are arbitrary.




We note the following property of the domain of the interpretation

(*) if F_i ∈ Σ and x, y ∈ Σ* , then x.F_i ≡ y.F_i if and only if x ≡ y

The "if" part is trivial. For the "only if" part, assume x.F_i ≡ y.F_i
and trace the position of the "rightmost" F_i as x.F_i is transformed
to y.F_i by interchanging symbols (which correspond to pairs that are
elements of E ):

x.F_i = x1 → x2 → ... → xr = y.F_i

Now, consider x1', x2', ..., xr' where xj' is the same as xj , but
with the rightmost F_i removed. Now it is easy to see that

x = x1' → x2' → ... → xr' = y

that is, x ≡ y . This completes the proof of the property (*).

Also, on lines very similar to the proof for the subclass we see that
S1 ≤ S2 if and only if S1 ≤ S2 for the interpretations of this class.

We can now describe the automaton A. Let k denote max{|t|}
of all terms t used in S1 and S2 . Now, a symbol on a track of the
input tape gives the values of all p_i(t) for all t such that
|t|  k for S1 and S2 . At any point in the simultaneous computations
of S1 and S2 , let the variables y in S1 and S2 have values [y1]
and [y2] , y1 = F_i1 F_i2 ... F_ir , and y2 = F_j1 F_j2 ... F_jr . Then we
define the "unsaturated strings" x1 , x2 of S1 , S2 as follows: set
x1 ← y1 , x2 ← y2 . Find the rightmost symbol F_i in x1 that is
common to both x1 and x2 (if one exists), say x1 = x1' F_i x1'' ,
x2 = x2' F_i x2'' ; then if F_i commutes with each symbol in x1'' and in x2''
then set x1 ← x1' x1'' , x2 ← x2' x2'' , and repeat this process.

We describe the proof for the case where halts are of the form HALT(y) .
The general case HALT(t) is easy to incorporate into the proof.


Since  the  schemas  are  free,  any  statement  from  which  a  halt  cannot 
be  reached  is  replaced  by  the  loop  statement. 

In its finite control the automaton remembers

(i) the current (assignment) statement executed by S1 and S2 ,

(ii) for both S1 and S2 , the values of all p_i(t) for all
non-constant terms t such that |t| < k-1 , and for all constant
terms t() such that |t()| < k , and

(iii) unsaturated strings x1 , x2 ∈ Σ* such that x1 , x2 have no symbol
in common and |x1| = |x2| < min(s1,s2)+k where s1 , s2 are
the number of assignment statements in S1 , S2 .

From the property (*) we see that the values of the variable y
in S1 and S2 are equal if and only if the unsaturated strings x1 , x2
are both Λ . If there is some symbol common to both x1 , x2 , then we can
show that the values of y in S1 and S2 have diverged, never to come
together again. To show this, let F_i be the rightmost such symbol in
x1 , and suppose it is "pushed" as much to the right in both x1 and x2
as possible. If it cannot reach the right end of x1 (modified) then
the modified x1 , x2 have the form

x1 is ... F_i F_j ...

x2 is ... F_i ...

where F_i , F_j do not commute ({f_i,f_j} ∉ E) and F_j does not occur to
the right of F_i in x2 . Then, by extending x1 , x2 to the left we
cannot make them equivalent for the order of the rightmost F_i and F_j
must be reversed in the two. On the other hand, if F_i cannot reach
the right end in x2 we have a similar argument. Hence if such a condition
occurs the automaton rejects the input tape.
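The unsaturated-string reduction described above, written out as an added example (it is not code from the thesis) and cross-checked against a brute-force computation of the equivalence classes [x]. Assumptions: symbols are single letters, the alphabet {a, b, c} with only a and b commuting is constructed for the demonstration, and the occurrence of F_i matched in x2 is taken to be its rightmost one.

```python
from collections import deque
from functools import lru_cache

# Constructed example: alphabet {a, b, c}; only the pair {a, b} is in E.
E = frozenset({frozenset("ab")})


def commutes(s, t, pairs=E):
    """True if the symbols s and t form a commuting pair of E."""
    return frozenset((s, t)) in pairs


@lru_cache(maxsize=None)
def equivalence_class(x, pairs=E):
    """Brute force: every string reachable from x by interchanging
    adjacent commuting symbols, i.e. the class [x] of the canonical
    interpretation. Used only to cross-check the reduction below."""
    seen, todo = {x}, deque([x])
    while todo:
        w = todo.popleft()
        for i in range(len(w) - 1):
            if w[i] != w[i + 1] and commutes(w[i], w[i + 1], pairs):
                v = w[:i] + w[i + 1] + w[i] + w[i + 2:]
                if v not in seen:
                    seen.add(v)
                    todo.append(v)
    return frozenset(seen)


def unsaturated(y1, y2, pairs=E):
    """Reduce (y1, y2) to their unsaturated strings (x1, x2).

    Returns (x1, x2, blocked). blocked is True when the rightmost common
    symbol cannot be pushed to the right end of both strings, which is the
    condition under which the automaton rejects the tape.
    """
    x1, x2 = list(y1), list(y2)
    while True:
        # Rightmost position of x1 whose symbol also occurs in x2.
        pos1 = next((i for i in reversed(range(len(x1))) if x1[i] in x2), None)
        if pos1 is None:                     # no common symbol is left
            return "".join(x1), "".join(x2), False
        s = x1[pos1]
        # Assumption: match it with the rightmost occurrence in x2.
        pos2 = len(x2) - 1 - x2[::-1].index(s)
        free1 = all(commutes(s, t, pairs) for t in x1[pos1 + 1:])
        free2 = all(commutes(s, t, pairs) for t in x2[pos2 + 1:])
        if not (free1 and free2):            # values have diverged for good
            return "".join(x1), "".join(x2), True
        del x1[pos1], x2[pos2]               # cancel the common symbol


def same_value(y1, y2, pairs=E):
    """[y1] = [y2] exactly when both unsaturated strings are empty."""
    x1, x2, blocked = unsaturated(y1, y2, pairs)
    return not blocked and x1 == "" and x2 == ""


if __name__ == "__main__":
    for y1, y2 in [("cab", "cba"), ("ab", "a"), ("ac", "a"), ("acb", "bca")]:
        print(y1, y2, unsaturated(y1, y2), same_value(y1, y2))
```

The reduction never enumerates a class, so its cost is polynomial in the string lengths, whereas the brute-force class can grow exponentially when many pairs commute.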
After observing this, we see that the lengths of the unsaturated
strings (|x1| = |x2|) can change by at most one in any step, and if
|x1| = c > k then the two schemas are "independent" at least for the
next (c-k) steps, so that if c exceeds min(s1, s2)+k the automaton
can reject the input tape (see the argument in the proof for the subclass).

We  use  the  specification  state  approach  of  Section  5.2.4.  We  note 
that  the  automaton  can  check  for  the  consistency  of  the  values  of  p(t) 
(given  on  the  input  tape)  for  the  two  tracks  using  the  same  argument  of 
unsaturated  strings,  and  that  halts  of  the  form  HALT(t())  can  be 
handled  in  a  straightforward  way;  from  which  we  conclude  that  the 
inclusion  problem  has  been  shown  to  be  solvable. 

The proof of the solvability of the isomorphism problem for C1 is
similar to the above, except that it is much simpler since unsaturated
strings can never be anything other than Λ , for otherwise the schemas
are not isomorphic.


3.3.4.2 Proof of Theorem 3.6

Schemas in class C2 have the flavor of two-way finite automata.
Applying the function f corresponds to moving the head right, applying
f^-1 corresponds to moving it left. There are some differences, however.

(i) the "input tape" is two-way infinite,

(ii) the schema outputs values,

(iii) the schema can test predicates on terms, and there are functions
other than just f and f^-1 .


Nevertheless,  a  proof  somewhat  similar  to  that  for  a  two-way  automaton 
works . 

Given two schemas S1 and S2 of C2 having functions
f , f^-1 , f1 , ..., fn , define the class of canonical interpretations for
S1 and S2 as follows: the domain is the set of strings of Σ* ,
Σ = {F, F^-1, F1, ..., Fn} , for which symbols F and F^-1 do not appear
adjacent to each other. The predicates p1,...,pm are arbitrary. As
in the previous section, S1 ≤ S2 (respectively S1 and S2 are
isomorphic, S1 halts, S1 diverges) if and only if S1 ≤ S2 for
interpretations of this class (respectively S1 and S2 are isomorphic for
this class, S1 halts on this class, S1 diverges on this class).

(a) Halting. Given a schema S ∈ C2 , to decide if S halts, we
construct a finite state automaton A that accepts all input tapes if
and only if S halts. The automaton A simulates the computation of S
on an interpretation (from this class) represented by the input tape. At any
point in the computation there is a value v we call the "pivot"
element; it is an element of Σ* whose first symbol is not F or
F^-1 . For any element x of Σ* , the specification state (SS) of x for
an interpretation is defined to be the values of all p(t(x)) for all
terms t(x) for which |t(x)| < k where k is the depth of the largest
term used in S . The incomplete specification state (ISS) is the values
for all |t(x)| < k-1 . The state vector is a label (that is
executed) along with an ISS . A symbol on the input tape of the automaton
represents the specification states of a pair of elements. Consecutive
symbols give the specification states for the pairs

(v,v) , (F^-1.v, F.v) , ((F^-1)^2.v, F^2.v) , ((F^-1)^3.v, F^3.v) ...

(where v is a pivot element) -- until the pivot element is changed (as
determined by A ). The first element of a pair is called the left
element, the second the right element.

The first pivot element is Λ (corresponding to the function
constant a ). The automaton works as follows. It retains a table of
"instances" and "outcomes". For both the left and the right value
there is an instance of the variable y for each assignment statement L_i
of S , which corresponds to the computation if L_i is exited with this
value for y . In addition, there is one primary instance which
corresponds to the real computation of the schema. Let ((F^-1)^r.v, F^r.v) ,
r ≥ 0 , be the current elements, with v as the pivot. The outcome for
each instance can be one of five possibilities:

(1) halt,

(2) exit (with some state vector) -- it corresponds to an execution
of an assignment y ← f_i(y) ( f_i is not f or f^-1 ),

(3) out-left (with some statement L_i ) -- it corresponds to executing
L_i: y ← f^-1(y) where (the old) y had value (F^-1)^r.v ,

(4) out-right (with some statement L_i ) -- it corresponds to
L_i: y ← f(y) where y had value F^r.v ,

(5) diverge -- the computation for this instance either enters a loop
statement, or diverges.
[Figure: table of instances and outcomes. Instances: the primary instance
(real computation); y_i left (statement L_i exited with value (F^-1)^r.v );
y_i right (statement L_i exited with value F^r.v ). Outcomes: halt; exit
(with an ISS); out-left (with a statement L_i ); out-right; diverge.]
In its finite memory the automaton has

(i) the current table of instances and outcomes,

(ii) the incomplete specification states (ISS) of the next pair to
read in,

(iii) the value of r if r < k ; and the value t() of the pivot
element v if |t()| < k .

We call (i) and (ii) the complete state of the schema. The schema
also retains

(iv) all complete states entered for the current pivot element, and

(v) all state vectors for all pivot elements entered.


The reason for (iv) is that if the complete state repeats, the
schema can be made to diverge with the primary instance making
assignments only like y ← f(y) and y ← f^-1(y) . The reason for (v)
is that if the state vector for a pivot element repeats, the schema can
be made to diverge because pivot elements are independent, i.e., all
information regarding previous tests is "lost" (except the ISS) when
an assignment like y ← f_i(y) is made.

The automaton operates as follows:

(1) Read the specification state for the pivot element. The ISS part must
match the required ISS (unless this is the first element -- Λ ) --
if not, accept the tape, otherwise set up the required tables.

(2)  If  the  primary  instance  halts  —  accept  the  tape. 

If  the  primary  instance  diverges  —  reject  the  tape. 

If  the  primary  instance  exits  then  we  have  a  new  pivot  element  -- 
if  its  ISS  repeats,  reject  the  tape,  else  go  to  step  (1) . 

If  the  table  repeats  --  reject  the  tape. 

(3)  Read  the  next  pair  of  predicate  states.  If  it  is  an  "impossible" 
interpretation,  accept  the  tape,  otherwise  update  the  tables  and 
go  to  step  (2). 

(b)  Divergence.  This  can  be  proved  like  the  halting  problem,  only 
the  automaton  is  simpler.  It  does  not  need  to  remember  the  information 
(iv),  (v) ;  instead,  it  simply  simulates  the  computation  and  rejects  the 
input tape if the primary instance halts, and accepts it if the
interpretation is "impossible", or the end-of-file is reached.

From the proof it follows that it is solvable whether or not a
schema  would  always  diverge  when  any  new  pivot  element  is  entered  with 
any  specified  state  vector.  This  fact  is  used  in  the  proof  of  inclusion 
below . 

(c)  Equivalence.  The  solvability  of  equivalence  follows  from  the 
solvability  of  inclusion  below. 

(d) Inclusion. Given two schemas S1 , S2 ∈ C2 , to decide if S1 ≤ S2 ,
we construct an automaton A , similar to the automaton in part (a), such
that A accepts all input tapes if and only if S1 ≤ S2 . The automaton
simulates the computation of all instances of both schemas. The possible
outcomes for each instance are

(1) halt, with some value x ,

(2) exit, with some state vector and some value x -- it corresponds
to an execution of y ← f_i(y) where f_i is not f or f^-1 , and
x is the (old) value of y ,

(3) out-left, with some statement L_i ,

(4) out-right, with some statement L_i ,

(5) diverge.

The  automaton  need  not  (and  indeed  cannot)  remember  the  value  x 
for  all  halt  or  exit  outcomes;  it  suffices  to  remember  the  equivalence 
classes  of  outcomes  that  halt  or  exit  with  the  same  value,  and  the  values 
of  only  those  instances  that  halt  with  output  t()  ,  |t()  |  <  k  . 

In  its  finite  memory  the  automaton  stores  (as  in  the  proof  of  halting): 

(i) the table of instances and outcomes for both S1 and S2 ,

(ii) the incomplete specification state of the next pair,

(iii) the value of r , if r < k ; and the value t() of the pivot
element v if |t()| < k .

In  addition,  the  automaton  has  the  capability  of  storing 

(iv)  an  arbitrary  set  of  complete  states  of  (tables  of  instances 

and  outcomes  for  ,  and  ISS  of  next  pair)  .  This  is  required 
in  steps  2(iv)  and  4(iv)  below. 

For simplicity we only show the proof for schemas in which a halt must
have the form HALT(y) . The general case HALT(t) is easy to incorporate.

The automaton operates as follows. On seeing an end-of-file it accepts
the tape. Otherwise it reads a pair of specification states from the tape,
checks if they match with the known incomplete specification states. If not,
the tape is accepted ("impossible" interpretation). If they match, then

(iii) if S2 exits with the same value, continue simulation of
both S1 , S2 ,

(iv) if none of the above, then continue simulation of  ,
constructing the set of complete states until (i), (ii),
or (iii) above apply, or a complete state repeats, in which
case reject the tape,

(5) if none of the above, continue simulation of both S1 and S2 .

This  completes  the  proof. 

(e)  Isomorphism.  An  automaton  is  constructed  as  in  case  (d)  above, 
except  it  also  keeps  track  (in  the  table  of  instances  and  outcomes)  which 
instances  undergo  isomorphic  computations.  Then,  the  automaton  rejects 
a  tape  if  the  computations  of  the  principal  instances  of  both  schemas 
are  not  isomorphic  at  any  step. 

3.3.4.3 Proof of Theorem 3.7

To show the unsolvability of the class of Theorem 3.7 we reduce the halting
problem for null-input Post machines to the halting and divergence
problems for this class. A Post machine over {a,b} is a machine operating
on strings, and having the following statements:

START(x)
HALT
LOOP
x ← x.a
x ← x.b
if x = Λ then goto L1
else if head(x) = a then begin x ← tail(x); goto L2 end
else begin x ← tail(x); goto L3 end

where L1 , L2 , L3 are arbitrary labels, and head(x) represents the
first symbol of x , and tail(x) represents the rest of the string x .

Given a Post machine M we will construct a schema S which looks
like a schema of this class except it has special statements called reject
statements. Replacing reject statements by halt statements gives us a
schema that halts if and only if the machine M halts on input Λ ,
and replacing them by loop statements gives a schema that diverges if
and only if M does not halt.

The idea is that any interpretation for S can be represented by a
grid of integer nodes in a half plane (doubly infinite along the x-axis).
The constant function a corresponds to the origin; applying the function
f corresponds to moving right, applying f^-1 corresponds to moving
left, and applying g corresponds to moving up. At each node we have
a T or F value, corresponding to the value of the predicate p (see
the canonical interpretation for the class C1 in Section 3.3.4.1).

[Figure: part of the grid, with nodes labelled a , f(a) , f^2(a) , f^-1(a) ,
g(a) and gf(a) .]

The schema S can simulate the computation of M on this plane
as follows. It uses two horizontally adjacent nodes to "code" a letter
(either a , b or e -- a special end marker: a corresponds to TT ,
b to TF , e to F- ). In this manner, the schema will "lay off" a
current value of the string x (of M ) in one row of nodes, enclosed
by end-markers. The next string (after M executes one step) will be
laid off on the next higher row. The schema S will simply check this
computation. If the interpretation doesn't agree, the interpretation
will be rejected.

In our schema S we will allow the use of predicate tests of the
form p(f(y)) , p(g(f(y))) , etc., since these can be implemented
using only the allowed statements ( y ← f(y); p(g(y)); y ← f^-1(y)
for the test p(g(f(y))) , etc.). The correspondence between statements
in M and those in S can be set up as follows.

We first define the macros

CHECK   =  y ← ff(y);
           while p(y) do
           begin if p(y) ⊕ p(g(y)) then REJECT;
                 if p(f(y)) ⊕ p(gf(y)) then REJECT;
                 y ← ff(y);
           end;   comment: ⊕ represents exclusive-or;

CHECKA  =  if ¬p(g(y)) then REJECT;
           if ¬p(gf(y)) then REJECT;

CHECKB  =  if ¬p(g(y)) then REJECT;
           if p(gf(y)) then REJECT;

CHECKE  =  if p(g(y)) then REJECT;

BACKUP  =  y ← f^-1 f^-1(y);
           while p(y) do y ← f^-1 f^-1(y);


The correspondence between statements in M and those in S :

Statement in M:   START(x)
Statements in S:  START y ← a;
                  if p(y) then REJECT;
                  if p(ff(y)) then REJECT;

Statement in M:   HALT
Statements in S:  HALT(y)

Statement in M:   LOOP
Statements in S:  LOOP

Statement in M:   x ← x.a
Statements in S:  CHECKE; CHECK; CHECKA;
                  y ← ff(y); CHECKE;
                  y ← f^-1 f^-1(y); BACKUP;
                  y ← g(y);

Statement in M:   x ← x.b
Statements in S:  CHECKE; CHECK; CHECKB;
                  y ← ff(y); CHECKE;
                  y ← f^-1 f^-1(y); BACKUP;
                  y ← g(y);

Statement in M:   if x = Λ then goto L1
                  else if head(x) = a then
                       begin x ← tail(x);
                             goto L2;
                       end
                  else begin x ← tail(x);
                             goto L3;
                       end
Statements in S:  if ¬p(ff(y)) then goto L1;
                  if p(fff(y)) then
                       begin y ← ff(y); CHECKE;
                             CHECK; CHECKE; BACKUP;
                             y ← gff(y);
                             goto L2;
                       end
                  else
                       begin y ← ff(y); CHECKE;
                             CHECK; CHECKE; BACKUP;
                             y ← gff(y);
                             goto L3;
                       end
This completes the proof of the unsolvability of the halting
problem and the non-partial solvability of the divergence problem which
in turn implies the non-partial solvability of equivalence, inclusion,
and isomorphism.

3.3.4.4 Proof of Theorem 3.8

The main difference between a schema in  and a schema in
is that in the class of Theorem 3.8 , after an assignment statement
y ← g(y) the subsequent
path of computation is completely independent of the outcomes of earlier
predicate tests. For this reason, the proofs of the solvability of
halting, divergence and isomorphism of C2 also work for the class of
Theorem 3.8 .

The solvability of equivalence follows from the solvability of
inclusion (below).

For the proof of inclusion we proceed along lines similar to the
corresponding proof in C2 . But, first we observe that any
interpretation for schemas in  can be represented as a half plane (as in
the case of the class of Theorem 3.7 ). We use the notion of "distance"
between two values,
which denotes the horizontal distance between them on the plane.
Secondly, from each statement L_i : y ← g(y) of a schema S we can
decide whether or not S must loop, and if not, we can find the
shortest number of steps n_i in which S can be made to halt after
executing L_i .

Now, given two schemas S1 , S2 , to decide if S1 ≤ S2 , let c1
denote max{n_i} for statements L_i: y ← g(y) in S1 from which S1
can halt; and similarly c2 is for S2 . We construct an automaton A
that simulates the computations of S1 and S2 as in the proof for C2 .
However, its table of instances and outcomes is somewhat different.
It keeps track of the "distance" between those outcomes that exit
provided the distance is no more than c1+c2 .

The rules for accepting/rejecting an input tape are as follows.
If an end-of-file or an "impossible" interpretation is seen, the tape
is accepted. Otherwise

(1) if the principal instance for schema S1 diverges, then the
    tape is accepted,

(2) if S1 halts then
    (i) if S2 halts with the same value -- accept,
    (ii) if S2 halts with a different value -- reject,
    (iii) if S2 exits -- reject,
    (iv) if none of the above, then continue simulation of S2 and
         construct the set of complete states until either (i), (ii)
         or (iii) above applies, or a complete state repeats -- in
         which case reject the tape,

(3) if S1 exits in a state vector (since the incomplete specification
    state is null, the state vector consists simply of one label)
    from which S1 must loop, then accept,

(4) if S1 exits in a state vector from which it can halt, then
    (i) if S2 halts, then reject,
    (ii) if S2 exits with a value more than c1+c2 distant, then reject,
    (iii) if S2 exits with a value distant d from S1, d ≤ c1+c2,
          then the next symbol read must be a "special symbol". If
          X1, X2 are the values with which S1, S2 exit, then we have
          a sequence of values




.} 


hUp)  Z 


0  jZi 


zd  '  e<X2> 


sueh  that  each  z.,.  =  f(z.)  or  each  z.,.. 

i+l  '  i'  i+l 

this special symbol provides the values of
P(z1), P(z2), ..., P(z_{d-1}).


[Figure: the exit points of the two schemas, with values X1 and X2, and the sequence of values z0, z1, z2, ..., zd.]


          The special symbol is used to set up the instance-outcome
          table again, and continue simulation,
    (iv) if none of the above, then continue simulation of S2
         constructing the set of complete states until (i), (ii), or
         (iii) above apply, or a complete state repeats, in which
         case reject the input tape,

(5) if none of the above, then continue simulation of both S1
    and S2.

The justification for 4(ii) above is that if S1, S2 exit more
than c1+c2 apart then S1 can be made to halt, and S2 will either loop,
or can independently be sent to a halt statement with a different value
(under some interpretation).

This completes the proof.

Chapter 4. Generalized Flowchart Schemas

4.1 Introduction

Ianov [1960] considered the data-space of a program to be representable
by a single value, that could be changed (by applying a function)
or tested (by a predicate). These base functions and predicates were
assumed to be total, but otherwise completely uninterpreted. The idea
was that by this mechanism one could model the control structure of
computations and possibly even prove some useful properties about real
programs, e.g., halting and equivalence. Unfortunately, the problem
with this simple model was that two programs which computed the same
value for all possible inputs but went about their task in slightly
different ways were treated as being non-equivalent under this model --
we had lost too much information, firstly, by making the base functions
and predicates totally uninterpreted, and secondly, by treating the
whole of the data space as being a single element in the domain.

The latter objection was partially answered by Luckham, Park and
Paterson [1970] when they treated the data space as consisting of a
finite number of parts which could be manipulated by the program.
While an improvement, this model too could not usefully represent
computations in which memory requirements increase with the duration
of the computation. Also, quite basic control features, e.g., markers
were missing. Subsequently there have been several attempts to answer
that latter objection by considering the subdivision of the memory into
greater and even greater detail -- labels, label stacks, counters,
markers, boolean variables, one- and many-dimension arrays, lists, etc.,
have been considered. These may be called structural features, and one
can construct an endless number of those -- stacks of arrays, arrays of
stacks, arrays with a dynamic number of arguments, general data structures
like those of ALGOL 68, and so on. While it is true that most of these
do not add any "inherent" power to the schemas, i.e., any schema in one
class can be translated into an equivalent schema of another class, one
cannot be completely satisfied with a "minimal" class since the aim of
the study of schemas is to model computations, not just to obtain a
machine capable of computing the partial recursive functionals. This
is akin to the similar state of affairs for partial functions -- a three
counter machine (that can increment, decrement, and test a counter for
being zero) can compute all the partial recursive functions, and yet it
is hardly a good model for computer programs.

Are  we  then  arguing  for  a  profusion  of  classes  of  schemas,  one 
for  each  subset  of  possible  data  types,  with  little  unifying  theory? 

No.  On  the  contrary,  it  would  be  quite  useful  to  construct  a  rather 
general  class  of  schemas  from  which  many  of  the  others  can  be  obtained 
as  subclasses. 

While  significant  effort  has  been  devoted  by  researchers  to  answer 
the  second  objection  to  Ianov's  model,  viz.,  the  problem  of  a  single 
data  space,  relatively  little  effort  has  been  devoted  towards  the  first 
objection,  i.e.,  that  one  loses  too  much  information  in  considering  all 
the  base  functions  and  predicates  to  be  uninterpreted.  One  would  like 
to  specify,  for  example,  that  two  functions  commute,  or  that  a  certain 
relation  is  transitive.  In  studies,  most  of  these  notions  have  not  been 
integral parts of schemas in the discussion of properties of classes of
schemas, but they crop up, in an ad hoc way, when a specific schema
is used to model a specific program.

It is our intention to handle these two basic problems in a
uniform way, viz., by defining the class of generalized flowchart
schemas. Generalized schemas have the inherently sound philosophy of
Ianov that the complete data space of a program can be represented as
a value (in some domain) but that operations on it may have the effect
of modifying specific parts of the memory while leaving others unchanged.
A generalized schema S = <F,φ,P> is a flowchart F (with a single
variable), an attached formula φ of first order predicate calculus
with equality, and a set P of function and predicate symbols, which
corresponds to the set of base function and predicate symbols of the
schema. The relevant interpretations for S are those that satisfy φ,
not all possible interpretations (as in the case of totally uninterpreted
base functions and predicates). We show that generalized schemas have
the power of modelling the other classes of schemas, i.e., those that
concentrate on the subdivision of memory. The other dilemma between
the completely interpreted programs and the completely uninterpreted
program schemas is satisfied by specifying as much or as little about
the interpretation (by the formula φ) as may be desired for any
specific application.

This chapter introduces the class of generalized flowchart schemas
and shows some of the possibilities of modelling structural subdivisions
of memory and other useful properties. We then show how most of the
classical theory of schemas can be represented by these schemas, and
finally we prove the fundamental theorem of maximal schemas that states
that schemas with arrays and equality tests are, in some sense, a maximal
class.


4.2 Definition of Generalized Schemas
4.2.1 Basic Definitions

In the rest of this chapter whenever we say "schema" we mean a
generalized schema. Sometimes we also use the phrase φ-schema to mean
a generalized schema. Schemas of the earlier chapters will be called
conventional schemas.

A schema S = <F,φ,P> consists of a flowchart F, a formula φ of
first order predicate calculus with equality and a finite set P of function
and predicate symbols. The flowchart F has a very special form. There is
only one variable (we call it y), and statements consist of the following:

Start statement        START y ← τ()
Halt statement         HALT(τ(y))
Loop statement         LOOP
Assignment statement   y ← τ(y)
Test statement         if α(y) then goto L1 else goto L2,

where τ() represents a constant term, τ(y) represents any term, and
α(y) represents any atomic formula, i.e., a predicate or equality test.

For convenience we will use ALGOL-like notation instead of strict flowchart
notation. We hence allow the use of labels and goto statements, with the
tacit understanding that there exists no cycle consisting entirely of
goto-statements.

An interpretation I for a schema S = <F,φ,P> is one that specifies
at least the functions and predicates used in F, φ and P. But the
only interpretations of interest are those that satisfy φ -- we write
I |= φ if the interpretation I satisfies φ, and we say that

If S is a schema and I is an interpretation for S, we use the
notation Dom(I) to mean the domain of the interpretation, and
Val(S,I) to mean the output of the computation of S on I; if S
diverges on I then Val(S,I) is undefined. Similarly, Path(S,I) is
the path of the computation of S on I (for an exact definition of
a path, see Section 2.1.4). Also, if S = <F,φ,P>, we use the notation
Σ(S) to denote the set of function and predicate symbols appearing in S,
i.e., in F, φ, or in P.

Definition. Given an interpretation I on a domain Dom(I) over a
set of function and predicate symbols Q, we define the subinterpretation
I' of I with respect to a set P of function and predicate symbols in
the following way: the domain Dom(I') of I' is the smallest subset
of Dom(I) closed under the functions in P ∩ Q, and the values of the
functions and predicates of P ∩ Q are the same in I' as in I. Note
that if P does not contain any zero-ary function then the domain
Dom(I') is empty. We use the notation I/P to represent the
subinterpretation of I with respect to P.

Definition. A schema S = <F,φ,P> is said to be well-founded if for
every two interpretations I1, I2 for S (i.e., I1 |= φ and I2 |= φ)
such that there is an isomorphism θ from (I1/P) to (I2/P), then

(i) Path(S,I1) = Path(S,I2), and

(ii) if the computations halt, then Val(S,I2) = θ(Val(S,I1)).

The significance of a set P that makes S = <F,φ,P> well founded
is that for any interpretation for S, knowledge of merely the functions
and predicates P is sufficient to characterize the computation.
Given F and φ, a minimal set P for which <F,φ,P> is well founded
represents the minimal set of functions and predicates whose values are
sufficient to fully characterize a computation. If only the values of a
smaller set of functions and predicates are fixed, then there is some
indeterminacy as to what the schema will do, i.e., there are two
interpretations both of which satisfy φ, and also agree over the fixed
values, but the paths of the computations on I1 and I2 are different,
or the outputs are different.

We  will  only  be  interested  in  schemas  that  are  well  founded,  and 
in  the  rest  of  this  chapter,  all  schemas  considered  are  well  founded 
unless  otherwise  specified. 

It should be noted that if S = <F,φ,P> is well founded and I1, I2
are interpretations for S whose sub-interpretations with respect to P
are isomorphic, then (a) if the computation of S on I1 halts
then its computation on I2 also halts after exactly the same number
of steps, and (b) the outputs of the two computations Val(S,I1) and
Val(S,I2) are elements of Dom(I1/P) and Dom(I2/P) respectively.

It follows from the definition that

(a) given any F and φ, if we let Q denote the set of function
and predicate symbols in F, then <F,φ,Q> is well founded,

(b) if <F,φ,P> is well founded, and Q is any set such that P ⊆ Q,
then <F,φ,Q> is also well founded, and

(c) if φ is "false", then <F,φ,P> is well founded for all F and P.

It is also easy to see that in general it is not partially solvable
whether a schema S is well founded. This follows directly from the
fact (intuitively plausible to all schematologists, and proved in
Section 4.5) that the divergence problem for φ-schemas is not partially
solvable. The unsolvability of well foundedness should not shock us
unduly. The corresponding problem for conventional schemas, too, is
not partially solvable. For, consider a conventional schema S with a
statement HALT(b) where b is a zero-ary function not used in the
rest of S. Now we ask if the computation of S can be specified if
we give an interpretation for S, but refuse to specify the value of
the zero-ary function b. If the HALT(b) statement happens to be
disconnected from the rest of S, the answer is yes, but in general
it is unsolvable.

The  correspondence  between  conventional  schemas  and  generalized 
schemas  can  be  represented  by  the  following  table. 


Conventional schema                   φ-schema

The total data space                  The variable y

Functions and predicates              The set P

Interpretation                        (I/P)

The structure of the data             Predicates and functions other
space, and totally                    than those in P, related by
interpreted features                  the formula φ.
(like counters)


This also shows why we are interested only in the well founded schemas;
for, in a conventional schema, if we specify only the values of a subset
of the base functions and predicates, it may not be adequate to characterize
the computation, and this represents an "incompleteness" in the schema.

A schema S = <F,φ,P> halts for an interpretation I if the
computation of the flowchart F under I reaches a halt statement.
A schema <F,φ,P> is said to halt if it halts for every interpretation
I for S (i.e., I |= φ). Similarly, a schema is said to diverge
if for every I for S the schema does not halt. A schema S is
free if for every path K in S there is an interpretation I for S
such that K = Path(S,I).

In the special case where φ is "false", the useless schema
<F,false,P> both halts and diverges as there is no I for which
I |= false. In the other special case where φ is "true" the schemas
so obtained are the conventional one-variable schemas, i.e., C(1 var) --
these are very similar to the Ianov schemas except that in Ianov schemas
the assignments and tests are somewhat simpler.

This describes the class of generalized schemas. We can take
interesting subclasses of these schemas by restricting the kinds of
flowcharts and the formulas φ allowed. In fact, by specifying φ
we can obtain schemas that behave as if the schemas had several variables
(conventional n-variable schemas), or counters, or pushdown stacks, or
other structural features. In each case, however, the single variable y
corresponds to the entire data space of the schema. We will consider
this aspect in Section 4.4.

4.2.2  Some  Examples 

We  now  give  some  simple  examples  of  generalized  schemas. 

Example 1

Consider the schema Sa = <Fa,φa,Pa>. There are two zero-ary
functions a0, a1 and two binary functions f+, f·. The formula φa
is:

      a0 ≠ a1
    ∧ ∀x∀y f+(x,y) = f+(y,x) ∧ f·(x,y) = f·(y,x)
    ∧ ∀x∀y∀z f+(f+(x,y),z) = f+(x,f+(y,z)) ∧ f·(f·(x,y),z) = f·(x,f·(y,z))
    ∧ ∀x f+(x,a0) = x ∧ f·(x,a1) = x
    ∧ ∀x∃y f+(x,y) = a0
    ∧ ∀x (x ≠ a0) → ∃y f·(x,y) = a1
    ∧ ∀x∀y∀z f·(x,f+(y,z)) = f+(f·(x,y),f·(x,z))
              ∧ f·(f+(x,y),z) = f+(f·(x,z),f·(y,z)).

The flowchart Fa is:

    START y ← a1;
    while y ≠ a0 do y ← f+(y,a1);
    HALT(a0),

and the set Pa is {a1, f+}.

An interpretation for the schema Sa is a commutative field.
The schema halts if and only if the characteristic of the field is
finite. Note that the zero-ary function a0 is not in Pa, but the
schema is well founded.

Example 2

Consider the schema Sb = <Fb,φb,Pb>. It has one zero-ary
function a, three unary functions f, car, cdr, one binary function
cons, and one unary predicate p.

φb is ∀x ∀y car(cons(x,y)) = x ∧ cdr(cons(x,y)) = y,

Fb is START y ← cons(a, cons(f(a),a));
      L1: y ← cons(ff(car(cdr(y))),y);
          if p(car(y)) then HALT(car(y));
          y ← cons(f(car(cdr(y))),y);
          if ¬p(car(y)) then HALT(car(y));
          goto L1,

and

Pb is {a,f,p}.

The schema halts. In fact, the output of Sb on any interpretation I
can be given by the following formula:

Val(Sb,I) = if p(f^3(a)) then f^3(a)
            else if ¬p(f(a)) then f(a)
            else if p(f^5(a)) then f^5(a)
            else if ¬p(f^2(a)) then f^2(a)
            else if p(f^7(a)) then f^7(a)
            else f^3(a)

The notion of the equivalence of the two schemas will be defined in the
next section but intuitively the schema Sb is "equivalent", in some
sense, to the schema Sc = <Fc,φc,Pc> defined below (we use the
abbreviation f^2(a) for ff(a), etc.):

φc is true

Fc is START y ← a;
      if p(f^3(a)) then HALT(f^3(a));
      if ¬p(f(a)) then HALT(f(a));
      if p(f^5(a)) then HALT(f^5(a));
      if ¬p(f^2(a)) then HALT(f^2(a));
      if p(f^7(a)) then HALT(f^7(a));
      HALT(f^3(a)),

and

Pc is {a,f,p}, i.e., the same as Pb.
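Added example (not from the thesis): a small interpreter that runs the flowchart Fb and the loop-free schema Sc on the same interpretations of a, f and p and compares their outputs. The names run_Sb, run_Sc, interpretations and compare are hypothetical, cons cells are modelled as Python pairs, and the exponents 3, 1, 5, 2, 7, 3 used in run_Sc are the ones obtained by unrolling Fb.

```python
from itertools import product


def run_Sb(a, f, p, max_rounds=100):
    """Execute flowchart Fb. Python pairs model cons cells, so
    car(cons(x,y)) = x and cdr(cons(x,y)) = y hold by construction,
    i.e. the formula phi_b is satisfied."""
    cons = lambda x, y: (x, y)
    car = lambda c: c[0]
    cdr = lambda c: c[1]
    y = cons(a, cons(f(a), a))               # START
    for _ in range(max_rounds):
        y = cons(f(f(car(cdr(y)))), y)       # L1
        if p(car(y)):
            return car(y)
        y = cons(f(car(cdr(y))), y)
        if not p(car(y)):
            return car(y)
    raise RuntimeError("Fb did not halt")    # unreachable: Fb halts within 3 rounds


def run_Sc(a, f, p):
    """Execute the loop-free flowchart Fc; phi_c is 'true', so any a, f, p will do."""
    def t(k):                                # the term f^k(a)
        v = a
        for _ in range(k):
            v = f(v)
        return v
    if p(t(3)):
        return t(3)
    if not p(t(1)):
        return t(1)
    if p(t(5)):
        return t(5)
    if not p(t(2)):
        return t(2)
    if p(t(7)):
        return t(7)
    return t(3)


def interpretations(max_n):
    """Constructed test interpretations (a, f, p).

    First every total f and p on the domain {0, ..., n-1} with a = 0, for
    n = 1..max_n (these include non-free cases such as f^3(a) = f^7(a)),
    then the free interpretation in which f^k(a) is the integer k."""
    for n in range(1, max_n + 1):
        for ftab in product(range(n), repeat=n):
            for ptab in product((False, True), repeat=n):
                yield 0, ftab.__getitem__, ptab.__getitem__
    for ptab in product((False, True), repeat=8):    # p on f^0(a) .. f^7(a)
        yield 0, (lambda k: k + 1), (lambda k, tab=ptab: tab[k])


def compare(max_n=4):
    """Return (interpretations checked, number on which Sb and Sc disagree)."""
    checked = mismatches = 0
    for a, f, p in interpretations(max_n):
        checked += 1
        if run_Sb(a, f, p) != run_Sc(a, f, p):
            mismatches += 1
    return checked, mismatches


if __name__ == "__main__":
    print(compare())
```

Because both runs share a, f and p, the isomorphism between the sub-interpretations over {a,f,p} is the identity, so equal return values are exactly what the informal "equivalence" of Sb and Sc asks for.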


4.3 Equivalence of Schemas
4.3.1 Introduction

What does it mean to say that two schemas S1 and S2 are
equivalent? Saying S1 and S2 are equivalent means that the outputs
of S1 and S2 should be the same if both schemas are made to compute
on the same interpretation. However, there is one point that this simple
notion overlooks. It is that all relevant interpretations for the first
schema need not be the same as all the relevant interpretations for the
second schema, as in the case of Example 2 in the previous section where
the functions car, cdr and cons represented structural features in
Sb which were absent in Sc. The values in the domain of an interpretation
for a schema represent the data space of the schema, and correspond
to both the structural and the non-structural aspects. However, it is
only the non-structural aspects that are crucial for the definition of
equivalence. It is precisely this dichotomy between the structural and
the interpretive aspects of a schema that dictates a little care in
the definition of equivalence. This problem does not arise in conventional
schemata theory because these two aspects of schemas are well segregated,
and it is because we wish to give a unified treatment that we are forced
to confront the issue.

4.3.2 Definitions

We  remark  again  that  all  schemas  considered  below  are  assumed  to  be 
well  founded. 

Definition. We say that two schemas S1 = <F1,φ1,P1> and S2 = <F2,φ2,P2>
are compatible if P1 = P2.


Definition. S2 = <F2,φ2,P> is a generalization of S1 = <F1,φ1,P>
if: ∀I1 for S1 (i.e., I1 |= φ1), ∃I2 for S2 (i.e., I2 |= φ2) and
∃ an isomorphism θ: (I1/P) ≈ (I2/P) such that if S1 halts on
I1 then S2 also halts on I2 and
Val(S2,I2) = θ(Val(S1,I1)); and if Val(S1,I1) is undefined then
Val(S2,I2) is also undefined.

If S2 is a generalization of S1 we write S1 ≤_gen S2.

Note that the definition of well foundedness implies that for any
interpretation I1 for S1, if there exist two interpretations I2, I3
for S2 whose subinterpretations over P are isomorphic to (I1/P), i.e.,
θ2: (I1/P) ≈ (I2/P) and θ3: (I1/P) ≈ (I3/P), then if
Val(S2,I2) = θ2(Val(S1,I1)) then Val(S2,I3) = θ3(Val(S1,I1)).

It is clear from the definition that generalization is reflexive
and transitive.


Definition. S2 = <F2,φ2,P> includes (is at least as defined as)
S1 = <F1,φ1,P> if:

(i) ∀I1 for S1, ∃I2 for S2 and ∃ an isomorphism
θ: (I1/P) ≈ (I2/P) such that if S1 halts on I1 then S2 also
halts on I2, and Val(S2,I2) = θ(Val(S1,I1)), and

(ii) ∀I2 for S2, ∃I1 for S1 and ∃ an isomorphism
θ: (I1/P) ≈ (I2/P) such that if S1 halts on I1 then S2 also
halts on I2, and Val(S2,I2) = θ(Val(S1,I1)).

If S2 includes S1 we write S1 ≤ S2.


Definition. We say that two compatible schemas S1 and S2 are
equivalent (S1 ≡ S2) if S1 ≤_gen S2, and S2 ≤_gen S1.
Alternatively, S1 ≡ S2 if and only if S1 ≤ S2, and S2 ≤ S1.


We should now ask what is the significance of our definitions of
generalization, inclusion, and equivalence, and whether the definition
of equivalence corresponds to the usual notion of equivalence. These
questions will become clearer in Section 4.4 where we model several
conventional classes of schemas by subsets of the φ-schemas.

We  may  note  here,  however,  that  the  notion  of  "generalization"  is 
not  immediate  in  conventional  schemas,  but  it  goes  something  like  this  -- 
say  two  schemas  (or  computer  programs)  have  been  written  to  compute 
some  mathematical  function,  but  the  first  of  these  schemas  does  not 
compute  it  for  all  possible  cases  as  the  second  one  does.  Then  we 
would  say  that  the  second  schema  is  a  generalization  of  the  first.  As 
an  example,  suppose  we  want  to  compute  the  gamma  function,  rounded  off 
to,  say,  ten  decimal  places.  One  way  of  doing  it  is  by  computing  the 
factorial  function,  in  which  case  the  program  would  work  correctly  for 
the positive integers. Another way is to use any of the converging
series for the gamma function. We would then say that the second program
(or schema) is a generalization of the first.

4.3.3 Examples

1. Consider the schemas Sb, Sc of Section 4.2.2. We have


Consider the schema Sd = <Fd,φd,Pd> where

φd is ∀x f+(x,a1) = a1 ≡ (x = a0),

Fd is START y ← a1;
      while y ≠ a0 do y ← f+(y,a1);
      HALT(a0),

and

Pd is {a1, f+}.

Comparing Sd with the schema Sa (of Section 4.2.2) we see that
Sa ≤_gen Sd but not Sd ≤_gen Sa, because the characteristic of a
commutative field must be a prime (if it is finite), i.e., if Id is an
interpretation for Sd such that a0 = a1, or
a0 = f+(f+(f+(a1,a1),a1),a1), etc., then there is no interpretation Ia
for Sa such that Ia/{a1,f+} is isomorphic to Id/{a1,f+}. Hence Sd is a
strict generalization of Sa (we write Sa <_gen Sd). Note that the
notion of generalization is not synonymous with usefulness, for it may
be argued that Sa is more useful than Sd. The notion of generalization
is more akin to the notion of subset in the theory of languages,
where any language over an alphabet Σ is a subset of the regular
language Σ*.
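Added example (not from the thesis), covering Example 1 of Section 4.2.2 and the comparison of Sa with Sd above: it checks φa and φd by brute force on the integers mod n and runs the flowchart shared by Fa and Fd. The constructed interpretations Z(n) and RATIONALS and all function names are assumptions, and φd is read here as the biconditional ∀x (f+(x,a1) = a1 ≡ x = a0).

```python
from fractions import Fraction


def Z(n):
    """Constructed interpretation: integers mod n with a0 = 0, a1 = 1
    (so a0 = a1 when n = 1), f+ = addition and f. = multiplication mod n."""
    return dict(dom=range(n), a0=0, a1=1 % n,
                add=lambda x, y: (x + y) % n,
                mul=lambda x, y: (x * y) % n)


# Constructed interpretation of infinite characteristic; its domain cannot be
# enumerated, so it is only run, never model-checked.
RATIONALS = dict(dom=None, a0=Fraction(0), a1=Fraction(1),
                 add=lambda x, y: x + y, mul=lambda x, y: x * y)


def satisfies_phi_a(I):
    """phi_a: the commutative-field axioms, checked exhaustively on a finite domain."""
    D, a0, a1, add, mul = (I[k] for k in ("dom", "a0", "a1", "add", "mul"))
    triples = [(x, y, z) for x in D for y in D for z in D]
    return (
        a0 != a1
        and all(add(x, y) == add(y, x) and mul(x, y) == mul(y, x)
                for x in D for y in D)                                  # commutativity
        and all(add(add(x, y), z) == add(x, add(y, z)) for x, y, z in triples)
        and all(mul(mul(x, y), z) == mul(x, mul(y, z)) for x, y, z in triples)
        and all(add(x, a0) == x and mul(x, a1) == x for x in D)         # identities
        and all(any(add(x, y) == a0 for y in D) for x in D)             # additive inverse
        and all(x == a0 or any(mul(x, y) == a1 for y in D) for x in D)  # mult. inverse
        and all(mul(x, add(y, z)) == add(mul(x, y), mul(x, z)) for x, y, z in triples)
        and all(mul(add(x, y), z) == add(mul(x, z), mul(y, z)) for x, y, z in triples)
    )


def satisfies_phi_d(I):
    """phi_d, read as: for all x, f+(x,a1) = a1 if and only if x = a0."""
    D, a0, a1, add = I["dom"], I["a0"], I["a1"], I["add"]
    return all((add(x, a1) == a1) == (x == a0) for x in D)


def run(I, budget):
    """START y <- a1; while y != a0 do y <- f+(y,a1); HALT(a0).
    Returns (halted within budget, number of assignments executed in the loop)."""
    y, steps = I["a1"], 0
    while y != I["a0"]:
        if steps == budget:
            return False, steps
        y = I["add"](y, I["a1"])
        steps += 1
    return True, steps


def survey(max_n, budget=1000):
    """Rows (n, Z(n) |= phi_a, Z(n) |= phi_d, halted, steps) for n = 1..max_n."""
    rows = []
    for n in range(1, max_n + 1):
        I = Z(n)
        halted, steps = run(I, budget)
        rows.append((n, satisfies_phi_a(I), satisfies_phi_d(I), halted, steps))
    return rows


if __name__ == "__main__":
    for row in survey(12):
        print(row)
    print("rationals:", run(RATIONALS, 1000))
```

Every Z(n) is an interpretation for Sd and the loop halts after n-1 assignments, but only prime n gives an interpretation for Sa; n = 1 is the a0 = a1 case and n = 4 the a0 = f+(f+(f+(a1,a1),a1),a1) case mentioned in the text.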


4.4 Classes of Schemas
4.4.1 Introduction

We now show how most conventional flowchart schemas can be
represented as generalized schemas (φ-schemas), and demonstrate that
many of the well known results regarding the power of classes of schemas
apply to φ-schemas as well. In fact, it even turns out that formalizing
a schema as a φ-schema sometimes reveals some point overlooked when
talking about schemas in an informal way. To illustrate, suppose we
wish to define conventional schemas with lists, and we introduce the
primitives car, cdr, cons, Λ, and atom, and allow their free use
in schemas (see also Morris [1972]), then we would find that we cannot
prove the well foundedness of the corresponding generalized schema. The
reason is that certain error conditions may be encountered where the
computation is not well defined, e.g. in attempting to take the car
of Λ or of an atom. This accounts for our careful definition of
list schemas in Section 2.1.2. The notation C(n var), C(), C(=),
C(pds), C(list), C(A), etc., for conventional schemas (described in
Section 2.1) will also be used for the corresponding φ-schemas. In fact,
we will call a φ-schema corresponding to a conventional schema a
conventional φ-schema.

We first define the notions of generalization, inclusion and
equivalence for partially interpreted conventional schemas (in what
follows we will consistently use the superscript * for conventional
schemas, for interpretations for them, and for classes of conventional
schemas). Σ(S*) denotes the set of function and predicate symbols
in S*. We say I* is for P (where P is a set of function and
predicate symbols) if I* specifies at least all the functions and
predicates in P. We use I* for S*,P to denote (I* for S*)
and (I* for P).

S1* ≤_gen S2* (let P denote Σ(S1*) ∪ Σ(S2*)): ∀I1* for S1*,P
∃I2* for S2*,P ∃θ: (I1*/P) ≈ (I2*/P) s.t. either both Val(S1*,I1*)
and Val(S2*,I2*) are undefined, or else Val(S2*,I2*) = θ(Val(S1*,I1*)).

S1* ≤ S2* (let P denote Σ(S1*) ∪ Σ(S2*)):

(i) ∀I1* for S1*,P ∃I2* for S2*,P s.t. ∃θ: (I1*/P) ≈ (I2*/P),
and if Val(S1*,I1*) is defined then Val(S2*,I2*) =
θ(Val(S1*,I1*)),

and (ii) ∀I2* for S2*,P ∃I1* for S1*,P s.t. ∃θ: (I1*/P) ≈ (I2*/P),
and if Val(S1*,I1*) is defined then Val(S2*,I2*) = θ(Val(S1*,I1*)).

S1* ≡ S2* if S1* ≤_gen S2* and S2* ≤_gen S1*; or alternatively, if
S1* ≤ S2* and S2* ≤ S1*.

We  had  not  defined  the  notion  of  generalization  for  conventional 
schemas  before,  but  it  can  be  checked  that  the  above  definitions  for 
inclusion  and  equivalence  are  the  same  as  the  earlier  definitions  for  the 
schemas  considered  in  Chapters  1-3 .  The  earlier  definitions,  however, 
do  not  apply  to  "arbitrary"  partially  interpreted  conventional  schemas. 

The translation of conventional schemas to φ-schemas will be
performed as follows. In the φ-schemas, symbols used for the base
functions and predicates (corresponding to those in the conventional
schemas) are distinguished from those used for the interpreted features.
Given a conventional schema S* over the base functions and predicates
P, we construct a flowchart F and a formula φ such that the
corresponding φ-schema is S = <F,φ,P>. Next, given a class C* of
conventional schemas, the corresponding class C of φ-schemas is
constructed as follows: if S* ∈ C*, then the corresponding S = <F,φ,P>
is in C, and so are schemas <F,φ,P'> where P ⊆ P', but P' may
contain some new function and predicate symbols. The reason for this
is that if we wish to compare (for inclusion or equivalence) two
conventional schemas whose corresponding φ-schemas are <F1,φ1,P1> and
<F2,φ2,P2>, it is possible that P1 ≠ P2; hence we will compare,
instead, <F1,φ1,P1 ∪ P2> with <F2,φ2,P1 ∪ P2>.

After we describe the translation of conventional schemas to φ-schemas
we can then go about reproving most of the results regarding conventional
schemas in the φ-schema formalism. However, much of this work can be
avoided if the translation process obeys the conditions of the basic
translation lemma below. The lemma says that if certain conditions are
satisfied then many of the interesting results for conventional schemas
carry over to φ-schemas as well.

Let S* be a conventional schema, and let its statements be
s0, s1, ..., sk. A statement can be of "type" -- start, halt, loop,
assignment, or test. The flowchart F of the corresponding φ-schema
S = <F,φ,P> will have one statement corresponding to each statement
in S*, and the types match, and P = Σ(S*). For convenience, we will
call the statements in F by the same names as those in S*, i.e.,
s0, s1, ..., sk.

The conditions for the basic translation lemma are the following
(we use the notation I1 ≈ I2 to denote "I1 and I2 are isomorphic")


1. 

S  is  well  founded. 

.  • 

(For  individual  schemas) 

Let  P+  =>  P  =  E(S*)  . 

(a) 

VI.  for  P.  if  3i  for 

S  s.t.  (I/P)  ~  (I+/P)  then 

3^  for  S,P+  s.t. 

(I1/P+)  ~  (I+/P+)  . 

(b) 

Vi*  for  P+  if  3 1*  for 

S*  s.t.  (l*,p)  -  (l*/p)  then 

3l*  for  S*,P+  s.t. 

di/p+)  -  (i*/p+)  • 

1  • 

(For  the  translation  process) 

(a) 

VI  for  S  3l*  for  S* 

s.t.  39:  (l*/p)  ^  (i/P)  and 

Path(S,l)  =  Path(S*,I*) 

,  and  Val(S,l)  =  0(Val(S*,I*))  : 

both  are  defined. 

(b) 

VI*  for  S*  3 I  fcr  S 

s.t.  39:  (I*/P)  -  (i/p)  and 

Path(S,l)  =  Path(S*,I*) 

,  and  Val(S, i)  =  0(Val(S*,I*)) 

if  both  are  defined. 


3. (For classes of conventional schemas) Interpolation lemma.

,  if  S-^eC^  >  y  —  Sg  then 

3SjC£*  s.t.  S*  -  S*  ,  £(S*)  =  E(S*)  . 

It is easy to see that for uninterpreted conventional schemas, 2(a) follows from 2(b) owing to the well foundedness of S. To see that this is indeed the case, let I be any interpretation for S. Then, as S* is uninterpreted, there is an I* for S* such that I*/P is isomorphic to I/P, i.e., there is an isomorphism $\theta\colon (I^*/P) \approx (I/P)$. Now, from part 2(b), there is an interpretation $I_1$ for S such that $\theta_1\colon (I^*/P) \approx (I_1/P)$, and $\mathrm{Path}(S,I_1) = \mathrm{Path}(S^*,I^*)$, and $\mathrm{Val}(S,I_1) = \theta_1(\mathrm{Val}(S^*,I^*))$. But from the well foundedness of S, as $\theta_1\theta^{-1}\colon (I/P) \approx (I_1/P)$, we have $\mathrm{Path}(S,I) = \mathrm{Path}(S,I_1)$, and $\mathrm{Val}(S,I_1) = \theta_1\theta^{-1}(\mathrm{Val}(S,I))$, from which the desired result follows, i.e., $\mathrm{Path}(S,I) = \mathrm{Path}(S^*,I^*)$, and $\mathrm{Val}(S,I) = \theta \cdot \theta_1^{-1} \cdot \theta_1(\mathrm{Val}(S^*,I^*)) = \theta(\mathrm{Val}(S^*,I^*))$.

If  we  can  prove  the  above  condition  to  hold  in  the  translation 
process,  then  the  following  consequences  apply. 

For individual schemas

(1) S halts if and only if S* halts, and in general, S halts on I if and only if S* halts on (I/P).

(2) S diverges if and only if S* diverges, and in general, S diverges on I if and only if S* diverges on (I/P).

(3) If $\Sigma(S_1^*) = \Sigma(S_2^*)$ then $S_1 \le_{gen} S_2$ iff $S_1^* \le_{gen} S_2^*$.

(4) If $\Sigma(S_1^*) = \Sigma(S_2^*)$ then $S_1 \le S_2$ iff $S_1^* \le S_2^*$.

(5) If $\Sigma(S_1^*) = \Sigma(S_2^*)$ then $S_1 \equiv S_2$ iff $S_1^* \equiv S_2^*$.

(6) S is free iff S* is free.

For  classes  of  schemas 

(7)  \  <  C*2  iff  \<(£>  • 

(8)  iff  a*  ~  c* 

(9) The halting problem (respectively divergence, equivalence, inclusion problem) is solvable for $\mathcal{C}$ if and only if it is solvable for $\mathcal{C}^*$.

For a proof, see Section 4.6.

In our translations from conventional schemas to φ-schemas we show that the basic translation lemma applies by proving part 2(b) above, by induction on the number of steps in the computation. This is done as follows. Given an interpretation I* for S*, we construct an interpretation I for S such that (I*/P) is isomorphic to (I/P), and we define a function $\delta\colon M \to \mathrm{Dom}(I)$ where M is the set of possible configurations of the data space (memory) of S*. Then we show that at each step in the computations of S* and S, the configuration of the data space in S* and the value of the variable y of S are related by the function δ.

4.4.2 Flowchart Schemas

4.4.2.1 One-Variable Schemas

For Ianov schemas, and general one-variable flowchart schemas with equality tests (but without boolean variables), the translation to φ-schemas is trivial. Given a one-variable schema S* the corresponding φ-schema is $S = \langle F, \mathrm{true}, P\rangle$, where F is identical to the flowchart of S*.

Proving that the basic translation lemma applies in this case is also trivial. Since the set P of functions and predicates in S* is the same as the set of functions and predicates of S, S is well founded. Now, given an interpretation I* for S*, choose I to be the same as I*, then the set of memory values of S* is just Dom(I*), and by choosing δ to be the identity function we see that the condition of the basic translation lemma is satisfied.

4.4.2.2 n-variable Schemas

Given an n-variable flowchart schema S* with variables $y_1, y_2, \ldots, y_n$, no boolean variables, and predicates and functions P, to construct $S = \langle F, \varphi, P\rangle$, we add (n+1) new functions: $\mathrm{comb}, v_1, v_2, \ldots, v_n$. The formula φ is:

$$
\begin{aligned}
\forall x_1 \forall x_2 \cdots \forall x_n \quad & v_1(\mathrm{comb}(x_1, x_2, \ldots, x_n)) = x_1 \\
\land\ & v_2(\mathrm{comb}(x_1, x_2, \ldots, x_n)) = x_2 \\
\land\ & \cdots \\
\land\ & v_n(\mathrm{comb}(x_1, x_2, \ldots, x_n)) = x_n .
\end{aligned}
$$

To construct the flowchart F we first define the translation $T(\tau(y_1, \ldots, y_n))$ of a term $\tau(y_1, \ldots, y_n)$ which uses the functions of P and the variables $y_1, \ldots, y_n$ (any or all of them may be missing). The translated term uses only the functions from $P \cup \{v_1, \ldots, v_n\}$ and the variable y. The translation may be defined as follows:

(a) $T(\tau()) = \tau()$,

(b) $T(y_i) = v_i(y)$,

(c) $T(f(\tau_1, \ldots, \tau_k)) = f(T(\tau_1), \ldots, T(\tau_k))$, where f is a k-ary function letter.

We  can  now  define  the  statements  of  the  flowchart  F  by  setting  up 
a  correspondence  from  statements  of  the  schema  S*  . 

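Statement of S*  |  Statement of F
START $\langle y_1, \ldots, y_n\rangle \leftarrow \langle \tau_1(), \ldots, \tau_n()\rangle$  |  START $y \leftarrow \mathrm{comb}(\tau_1(), \ldots, \tau_n())$
HALT($\tau$)  |  HALT($T(\tau)$)
LOOP  |  LOOP
$\tau_1 = \tau_2$  |  $T(\tau_1) = T(\tau_2)$
$p(\tau_1, \ldots, \tau_k)$  |  $p(T(\tau_1), \ldots, T(\tau_k))$
$\langle y_1, \ldots, y_n\rangle \leftarrow \langle \tau_1, \ldots, \tau_n\rangle$  |  $y \leftarrow \mathrm{comb}(T(\tau_1), \ldots, T(\tau_n))$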


We  can  prove  the  well  foundedness  of  S  ,  and  the  basic  translation 
lemma  simultaneously  by  induction  on  the  number  of  steps  of  the 
computation. 

Given an interpretation I* for S* we can get an interpretation I for S (such that $I \models \varphi$) as follows: the domain of I, Dom(I), is defined to be the closure of the following:

(a) $\mathrm{Dom}(I^*) \subseteq \mathrm{Dom}(I)$

(b) if $e_1, e_2, \ldots, e_n \in \mathrm{Dom}(I)$ then the vector $\langle e_1, \ldots, e_n\rangle \in \mathrm{Dom}(I)$ (without loss of generality we may assume that vectors like this are not already present in Dom(I*)).

The functions and predicates of P are defined as follows: if q is a k-ary function or predicate, $q \in P$, then $q(e_1, \ldots, e_n)$ in I is defined to equal the value of $q(e_1, \ldots, e_n)$ in I* if $e_1, \ldots, e_n$ are all elements of Dom(I*), otherwise it is arbitrary. The function comb is defined as follows:

$$\mathrm{comb}(e_1, e_2, \ldots, e_n) = \langle e_1, \ldots, e_n\rangle .$$

The functions $v_1, \ldots, v_n$ are defined as follows: if $e \in \mathrm{Dom}(I^*)$ then $v_i(e)$ is arbitrary, otherwise e is a vector of elements in Dom(I), $e = \langle e_1, \ldots, e_n\rangle$, and $v_i(e) = e_i$.

Now, the data space of S* at any instant is a set of values $\{y_1 = e_1, y_2 = e_2, \ldots, y_n = e_n\}$ where $e_1, \ldots, e_n$ are elements of Dom(I*). We define the function δ mapping this data space into the element $\langle e_1, \ldots, e_n\rangle$ of Dom(I). Also, it is clear that I*/P and I/P are isomorphic.

Now the induction hypothesis after i steps in the computations of S* and S (under I* and I respectively) is that the paths up to that point are the same, and that $v = \delta(m)$ where m is the data space of S* after i steps, and v is the value of the variable y of S. The initial step and the induction step of the proof are easy to check.
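The construction above can be run on a concrete case. The following is an added example, not code from the original text: it implements the term translation T, builds F from a two-variable schema, extends an interpretation I* to I with comb and the projections, and checks that both computations follow the same path with y equal to δ of the data space at every step. The tuple encoding of terms and statements, the names FACT and I_STAR, and the sample interpretation over the integers are assumptions constructed for the illustration.

```python
# Terms are tuples: ("var", i) is the variable y_i (1-based); any other tuple
# (name, arg1, ..., argk) applies a k-ary function or predicate symbol.
# Statements: ("START"|"ASSIGN", [terms], next), ("TEST", atom, if_true, if_false),
# ("HALT", term), ("LOOP",). This encoding is an assumption of the example.

def T(term):
    """Term translation: (a) constants unchanged, (b) y_i -> v_i(y), (c) homomorphic on f."""
    if term[0] == "var":
        return ("v%d" % term[1], ("var", 1))   # the single variable y of F is ("var", 1)
    return (term[0],) + tuple(T(a) for a in term[1:])

def translate(schema):
    """Map each statement of S* to the statement of F of the same type."""
    out = []
    for st in schema:
        if st[0] in ("START", "ASSIGN"):       # <y1..yn> <- <t1..tn>  becomes  y <- comb(T(t1)..T(tn))
            out.append((st[0], [("comb",) + tuple(T(t) for t in st[1])], st[2]))
        elif st[0] == "TEST":                  # p(t1..tk)  becomes  p(T(t1)..T(tk))
            out.append(("TEST", T(st[1]), st[2], st[3]))
        elif st[0] == "HALT":
            out.append(("HALT", T(st[1])))
        else:
            out.append(st)                     # LOOP
    return out

def extend(interp_star, n):
    """Build I from I*: comb forms the vector <e1..en>, v_i projects its i-th component."""
    interp = dict(interp_star)
    interp["comb"] = lambda *es: tuple(es)
    for i in range(1, n + 1):
        # v_i is arbitrary on elements of Dom(I*); here it returns its argument.
        interp["v%d" % i] = lambda e, i=i: e[i - 1] if isinstance(e, tuple) else e
    return interp

def ev(term, interp, mem):
    if term[0] == "var":
        return mem[term[1] - 1]
    return interp[term[0]](*(ev(a, interp, mem) for a in term[1:]))

def run(schema, interp, max_steps=1000):
    """Return (path, data space after each step, output); output is None on divergence."""
    pc, mem, path, trace = 0, (), [], []
    for _ in range(max_steps):
        st = schema[pc]
        path.append(pc)
        if st[0] in ("START", "ASSIGN"):
            mem = tuple(ev(t, interp, mem) for t in st[1])   # simultaneous assignment
            pc = st[2]
        elif st[0] == "TEST":
            pc = st[2] if ev(st[1], interp, mem) else st[3]
        elif st[0] == "HALT":
            return path, trace, ev(st[1], interp, mem)
        else:
            break                                            # LOOP statement
        trace.append(mem)
    return path, trace, None

def check_translation(schema, interp_star, n):
    """Compare S* under I* with F under I: same path, y = delta(data space), outputs."""
    path_s, trace_s, val_s = run(schema, interp_star)
    path_f, trace_f, val_f = run(translate(schema), extend(interp_star, n))
    delta_ok = all(mf == (ms,) for ms, mf in zip(trace_s, trace_f))
    return path_s == path_f, delta_ok, val_s, val_f

# Constructed sample: <y1,y2> <- <a(),b()>; while p(y1,y2) do <y1,y2> <- <f(y1),g(y1,y2)>; HALT(h(y1,y2))
Y1, Y2 = ("var", 1), ("var", 2)
FACT = [("START", [("a",), ("b",)], 1),
        ("TEST", ("p", Y1, Y2), 2, 3),
        ("ASSIGN", [("f", Y1), ("g", Y1, Y2)], 1),
        ("HALT", ("h", Y1, Y2))]
# Constructed interpretation I* over the integers (no tuples in Dom(I*)).
I_STAR = {"a": lambda: 0, "b": lambda: 1, "f": lambda x: x + 1,
          "g": lambda x, z: z * (x + 1), "p": lambda x, z: x < 5, "h": lambda x, z: z}

if __name__ == "__main__":
    print(check_translation(FACT, I_STAR, 2))
```

Here the isomorphism θ between I*/P and I/P is the identity on Dom(I*), so the two outputs are compared directly.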

We remark here that there are other possible translations of n-variable schemas to φ-schemas that yield relatively more natural interpretations I corresponding to I*. We give an example below. Here, we introduce the same functions as before, i.e., $\mathrm{comb}, v_1, \ldots, v_n$, but also a new predicate: isdata. Let $f_1, f_2, \ldots$ be the functions of I* (including zero-ary functions), and let r be the largest rank of all these; then φ is

$$
\begin{aligned}
\forall x_1 \cdots \forall x_r\ (\mathrm{isdata}(x_1) \land \cdots \land \mathrm{isdata}(x_r)) \to\ & \mathrm{isdata}(f_1(x_1, x_2, \ldots)) \\
\land\ & \mathrm{isdata}(f_2(x_1, x_2, \ldots)) \\
\land\ & \cdots \\
\land\ \forall x_1 \cdots \forall x_n\ (\mathrm{isdata}(x_1) \land \cdots \land \mathrm{isdata}(x_n)) \to\ & v_1(\mathrm{comb}(x_1, \ldots, x_n)) = x_1 \\
\land\ & v_2(\mathrm{comb}(x_1, \ldots, x_n)) = x_2 \\
\land\ & \cdots
\end{aligned}
$$

and the flowchart F is the same as in the earlier construction. In this construction, the domain of the interpretation I need not contain vectors whose elements are also vectors. However, it should be noted that if these two translations yield schemas $S_1$ and $S_2$ corresponding

to  a  conventional  schema  S  ,  then  S^,  ^  . 


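4.4.3 Flowchart Schemas with Markers and Boolean Variables

4.4.3.1 Markers

Given a flowchart schema S* with n variables $y_1, \ldots, y_n$, m marker variables $z_1, \ldots, z_m$, and p marker constants $M_1, \ldots, M_p$, and predicates and functions P, to construct $S = \langle F, \varphi, P\rangle$ we add (p+m+n+1) new functions: $\mathrm{comb}, v_1, \ldots, v_n, w_1, \ldots, w_m, M_1, \ldots, M_p$. The formula φ is:

$$
\begin{aligned}
& M_1 \ne M_2 \land M_1 \ne M_3 \land \cdots \land M_{p-1} \ne M_p \\
\land\ \forall y_1 \forall y_2 \cdots \forall y_n \forall z_1 \cdots \forall z_m \quad & v_1(\mathrm{comb}(y_1, \ldots, z_m)) = y_1 \\
\land\ & \cdots \\
\land\ & v_n(\mathrm{comb}(y_1, \ldots, z_m)) = y_n \\
\land\ & w_1(\mathrm{comb}(y_1, \ldots, z_m)) = z_1 \\
\land\ & \cdots \\
\land\ & w_m(\mathrm{comb}(y_1, \ldots, z_m)) = z_m
\end{aligned}
$$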


The flowchart F is obtained on lines very similar to that described in Section 4.4.2.2. The addition is that a test $(z_i = M_j)$ is translated to a test $(w_i(y) = M_j)$ — note that in the test $(z_i = M_j)$, $M_j$ corresponds to a marker, whereas in the test $(w_i(y) = M_j)$, the $M_j$ is a zero-ary function.

Well foundedness of S and the basic translation lemma can be proved as before by constructing the function δ and using the additional induction hypothesis that at any point in the computation the value of each $z_j$, $1 \le j \le m$, is $M_1$ or $M_2$ or ... or $M_p$.

Flowchart schemas with boolean variables can be treated as marker-schemas where the markers can have one of two values called "true" and "false".


4.4.3.2 Generic Variables

A generic variable in a conventional schema is an untyped variable whose value can be either a data element or a marker -- in other words, the "type" is assigned at run-time rather than at compile time. Schemas with generic variables differ from other schemas in that there can be an "unexpected" error condition of type mismatch. Under such conditions the schema is assumed to loop.

Given a flowchart schema S* with n generic variables $y_1, \ldots, y_n$, p marker constants $M_1, \ldots, M_p$, and function symbols $f_1, \ldots, f_m$ with rank $r_1, \ldots, r_m$ respectively (some of the r's may be zero), let r denote $\max(r_1, \ldots, r_m)$. Now, the corresponding φ-schema $S = \langle F, \varphi, P\rangle$ is given as follows. We introduce m+p+2 new functions: $M_1, \ldots, M_p, \mathrm{ism}, \mathrm{comb}, v_1, \ldots, v_n$. The formula φ is:


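$$
\begin{aligned}
& M_1 \ne M_2 \land M_1 \ne M_3 \land \cdots \land M_{p-1} \ne M_p \\
\land\ & \mathrm{ism}(M_1) \land \mathrm{ism}(M_2) \land \cdots \land \mathrm{ism}(M_p) \\
\land\ \forall x_1 \forall x_2 \cdots \forall x_r\ (\lnot\,\mathrm{ism}(x_1) \land \cdots \land \lnot\,\mathrm{ism}(x_r)) \to\ & \lnot\,\mathrm{ism}(f_1(x_1, \ldots, x_{r_1})) \\
\land\ & \cdots \\
\land\ & \lnot\,\mathrm{ism}(f_m(x_1, \ldots, x_{r_m})) \\
\land\ \forall x_1 \forall x_2 \cdots \forall x_n \quad & v_1(\mathrm{comb}(x_1, \ldots, x_n)) = x_1 \\
\land\ & \cdots \\
\land\ & v_n(\mathrm{comb}(x_1, \ldots, x_n)) = x_n .
\end{aligned}
$$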

The flowchart F can be defined by setting up a correspondence between statements of S* and statements of F. Without loss of generality we assume that no statement of S* applies a function or predicate to a marker constant (for it can be replaced by the loop statement). We will use the function T defined in Section 4.4.2.2, extended to include markers by letting $T(M_i) = M_i$. If $\tau_1, \ldots, \tau_k$ are terms we use $Y(\tau_1, \ldots, \tau_k)$ to denote the set of variables $y_i$ appearing in $\tau_1, \ldots, \tau_k$, and if $Y = \{y_{k_1}, \ldots, y_{k_l}\}$ is any set of variables, we use ism(Y) as an abbreviation for $(\mathrm{ism}(y_{k_1}) \lor \mathrm{ism}(y_{k_2}) \lor \cdots \lor \mathrm{ism}(y_{k_l}))$.

Statement of S*  |  Statement of F
START $\langle y_1, \ldots, y_n\rangle \leftarrow \langle \tau_1(), \ldots, \tau_n()\rangle$  |  START $y \leftarrow \mathrm{comb}(\tau_1(), \ldots, \tau_n())$
HALT($\tau$)  |  if ism($Y(\tau)$) then LOOP else HALT($\tau$)
LOOP  |  LOOP
$y_i = M_j$  |
if $p(\tau_1, \ldots, \tau_k)$ then goto $L_1$ else goto $L_2$  |  if ism($Y(\tau_1, \ldots, \tau_k)$) then LOOP else if $p(T(\tau_1), \ldots, T(\tau_k))$ then goto $L_1$ else goto $L_2$
$\langle y_1, \ldots, y_n\rangle \leftarrow \langle \tau_1, \ldots, \tau_n\rangle$  |  if ism($Y(\tau_{i_1}, \ldots, \tau_{i_k})$) then LOOP else $y \leftarrow \mathrm{comb}(T(\tau_1), \ldots, T(\tau_n))$

where $\tau_{i_1}, \ldots, \tau_{i_k}$ are the terms in $\tau_1, \ldots, \tau_n$ that contain at least one function symbol. It can be shown by induction that the φ-schema S is well founded. However, the translation does not satisfy the basic translation lemma to the letter because extra tests are introduced. This, however, does not violate the spirit of the lemma inasmuch as all properties except freedom are considered.


4.4.4 Counters, Stacks, Arrays, and Other Features

In this section a conventional flowchart schema is assumed to have a finite number of discrete elements: variables, counters, stacks, arrays, queues, lists, etc. In the corresponding φ-schema, the mechanism of the functions $\mathrm{comb}, v_1, \ldots, v_n$ is used to assemble and to extract the various components as in the earlier sections, and the corresponding axioms will not be repeated. Similarly, the assignment to variables, and predicate tests, as well as halt and loop statements are handled as before. In this section we will concentrate only on the translation of these special features into φ-schemas.


4.4.4.1 Counters

The operations allowed on counters are setting a counter to zero, testing a counter for zero, and incrementing and decrementing a counter (decrementing a counter whose value is zero leaves it unchanged).

To translate a counter schema into a φ-schema we introduce three new functions: a zero-ary function zero, and two unary functions plusone and minusone. The axioms are:

$$
\begin{aligned}
& \forall x\ (\mathrm{plusone}(x) \ne x) \\
& \forall x\ \mathrm{minusone}(\mathrm{plusone}(x)) = x \\
& \mathrm{minusone}(\mathrm{zero}) = \mathrm{zero}
\end{aligned}
$$

Note that the axiom "$\forall x\ \mathrm{plusone}(x) \ne \mathrm{zero}$" follows from these.

We see that we can define some new features within the framework of φ-schemas very easily:

(i) counters that take positive and negative values

(ii) testing two counters for equality

(iii) comparison of two counters

(iv) addition and multiplication of counters

(v) "counters" that take on rational values

(vi) schemas that can output counter values. On the other hand, inputting an arbitrary counter value is restricted, owing to the first order notions of φ-schemas.

4.4.4.2 Arrays

One dimensional semi-infinite arrays without booleans can be "described" by using functions con and ass (which stand for "contents" and "assignment" respectively). con(c,A) represents the contents of array A at location c, and ass(x,c,A) represents the array obtained by assigning the value of array A at location c to be x.

$$
\begin{aligned}
\forall x \forall c \forall c' \forall a \quad & \mathrm{con}(c, \mathrm{ass}(x, c, a)) = x \\
\land\ & c' \ne c \to \mathrm{con}(c', \mathrm{ass}(x, c, a)) = \mathrm{con}(c', a) .
\end{aligned}
$$

The value of A[c] is translated to con(c,A), and an assignment $A[c] \leftarrow y$ is translated to ass(y,c,A).

The start statement is used to initialize all the locations of an array to some constant term $\tau()$. For this, we introduce a zero-ary function "init" in the φ-schema which represents an array with all its locations having value $\tau()$, by the axiom

$$\forall c\ \mathrm{con}(c, \mathrm{init}) = \tau() .$$

In like manner we can define arrays whose locations take data, boolean and marker values, multidimension arrays, arrays that are infinite in both directions, and an interesting feature: arrays that are referenced by terms.

4.4.4.3 Pushdown Stacks

One-track Stacks

A conventional schema with a one-track pushdown stack can push data values on top of the stack, pop them, look at the top element of the stack, and test the stack to see if it is empty. Statements allowed are:

(1) $s \leftarrow \mathrm{push}(s, y)$

(2) if $s = \Lambda$ then goto L else begin $y \leftarrow \mathrm{top}(s)$; $s \leftarrow \mathrm{pop}(s)$ end.

We introduce the functions: top, pop, push, and $\Lambda$. The axioms are self-explanatory:

$$
\begin{aligned}
\forall s \forall x \quad & \mathrm{push}(s, x) \ne \Lambda \\
\land\ & \mathrm{top}(\mathrm{push}(s, x)) = x \\
\land\ & \mathrm{pop}(\mathrm{push}(s, x)) = s .
\end{aligned}
$$

The resulting φ-schema we get is well founded. However, if in the original conventional schema we allowed arbitrary use of push, top, and pop, e.g., if statements allowed were

(1) $s \leftarrow \mathrm{push}(s, y)$

(2) if $s = \Lambda$ then goto $L_1$ else goto $L_2$

(3) $y \leftarrow \mathrm{top}(s)$

(4) $s \leftarrow \mathrm{pop}(s)$

then the resulting φ-schema may not be well founded. And with good reason. The operation of the original schema may not be well defined for all cases, e.g., what happens when an empty stack is popped? As an added axiom we can specify

$$\mathrm{pop}(\Lambda) = \Lambda$$

but the φ-schema may still not be well founded. The value of $\mathrm{top}(\Lambda)$ is undefined. To overcome this, we may specify that there are an infinite number of data elements "a" (a zero-ary function), at the bottom of an "empty" stack; we then have the axiom

$$\mathrm{top}(\Lambda) = a$$

and the resulting schema is finally well founded.

Two-track Stacks

A stack with two tracks has one track for data values, and one for markers (booleans can be represented as markers). We could allow markers and data values to be mixed in a single track, but we again have the ad-hoc condition that the schema loops in case of type-checking error.

This is the notion of a stack introduced in Section 2.1.2. The statements allowed are:

(1) $s \leftarrow \mathrm{push}(s, y, z)$

(2) if $s = \Lambda$ then goto L else begin $y \leftarrow \mathrm{top}_1(s)$; $z \leftarrow \mathrm{top}_2(s)$; $s \leftarrow \mathrm{pop}(s)$ end.

The axioms are:

$$
\begin{aligned}
\forall x \forall s \forall m \quad & \mathrm{push}(s, x, m) \ne \Lambda \\
\land\ & \mathrm{top}_1(\mathrm{push}(s, x, m)) = x \\
\land\ & \mathrm{top}_2(\mathrm{push}(s, x, m)) = m \\
\land\ & \mathrm{pop}(\mathrm{push}(s, x, m)) = s
\end{aligned}
$$
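The counter, array and one-track stack axioms above can be read left to right as rewrite rules on ground terms. The following is an added example, not code from the original text: it normalizes ground terms with those axioms and reports which terms the axioms leave undetermined, such as top(Λ) before the axioms pop(Λ) = Λ and top(Λ) = a are added. The tuple encoding, the constants d1 and d2, the name t0 for the constant term τ(), and the flag total_stack are assumptions of the illustration.

```python
# Ground terms are tuples (name, arg1, ..., argk). All names below are constructed.
EMPTY, ZERO, INIT = ("Lambda",), ("zero",), ("init",)
T0, A = ("t0",), ("a",)          # t0 stands for the constant term tau(); a is the bottom element
DESTRUCTORS = {"minusone", "con", "top", "pop"}

def num(k):
    """The counter value plusone^k(zero)."""
    t = ZERO
    for _ in range(k):
        t = ("plusone", t)
    return t

def numeral(t):
    """Return k if t is plusone^k(zero), else None."""
    k = 0
    while t[0] == "plusone":
        t, k = t[1], k + 1
    return k if t == ZERO else None

def normalize(t, total_stack=False):
    """Rewrite a ground term with the axioms, innermost subterms first."""
    t = (t[0],) + tuple(normalize(a, total_stack) for a in t[1:])
    op, args = t[0], t[1:]
    if op == "minusone":
        if args[0][0] == "plusone":            # minusone(plusone(x)) = x
            return args[0][1]
        if args[0] == ZERO:                    # minusone(zero) = zero
            return ZERO
    elif op == "con":
        c, arr = args
        if arr == INIT:                        # con(c, init) = tau()
            return T0
        if arr[0] == "ass":
            x, c2, rest = arr[1:]
            if c == c2:                        # con(c, ass(x, c, a)) = x
                return x
            # Distinct numerals are provably unequal from the counter axioms,
            # so the side condition c' != c holds and the lookup moves inward.
            if numeral(c) is not None and numeral(c2) is not None:
                return normalize(("con", c, rest), total_stack)
    elif op in ("top", "pop"):
        s = args[0]
        if s[0] == "push":                     # top(push(s,x)) = x, pop(push(s,x)) = s
            return s[2] if op == "top" else s[1]
        if s == EMPTY and total_stack:         # added axioms pop(Lambda) = Lambda, top(Lambda) = a
            return EMPTY if op == "pop" else A
    return t

def undetermined(t):
    """True if the term still contains an operation the axioms did not resolve."""
    return t[0] in DESTRUCTORS or any(undetermined(a) for a in t[1:])

# Constructed sample terms.
ARR = ("ass", ("d1",), num(1), ("ass", ("d2",), num(0), INIT))   # A[0] <- d2; A[1] <- d1
TOP_AFTER_POP = ("top", ("pop", ("push", EMPTY, ("d1",))))        # top of a stack emptied by pop

if __name__ == "__main__":
    print(normalize(("con", num(0), ARR)), normalize(TOP_AFTER_POP))
```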


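4.4.4.4 Queues

A schema with a one-track queue can insert a value at one end of the queue, can test to see if the queue is empty, and if it is not the schema can look at, or delete a value at the other end. The axioms:

$$
\begin{aligned}
\forall x \forall q \quad & \mathrm{add}(q, x) \ne \Lambda \\
\land\ & \mathrm{first}(\mathrm{add}(\Lambda, x)) = x \\
\land\ & \mathrm{remove}(\mathrm{add}(\Lambda, x)) = \Lambda \\
\land\ & (q \ne \Lambda) \to \mathrm{first}(\mathrm{add}(q, x)) = \mathrm{first}(q) \\
\land\ & (q \ne \Lambda) \to \mathrm{remove}(\mathrm{add}(q, x)) = \mathrm{add}(\mathrm{remove}(q), x)
\end{aligned}
$$

A two-track queue is a queue that has two tracks, one for data values and one for markers (see Section 2.1.2). The axioms are:

$$
\begin{aligned}
\forall x \forall q \forall m \quad & \mathrm{add}(q, x, m) \ne \Lambda \\
\land\ & \mathrm{first}_1(\mathrm{add}(\Lambda, x, m)) = x \\
\land\ & \mathrm{first}_2(\mathrm{add}(\Lambda, x, m)) = m \\
\land\ & \mathrm{remove}(\mathrm{add}(\Lambda, x, m)) = \Lambda \\
\land\ & (q \ne \Lambda) \to \mathrm{first}_1(\mathrm{add}(q, x, m)) = \mathrm{first}_1(q) \\
\land\ & (q \ne \Lambda) \to \mathrm{first}_2(\mathrm{add}(q, x, m)) = \mathrm{first}_2(q) \\
\land\ & (q \ne \Lambda) \to \mathrm{remove}(\mathrm{add}(q, x, m)) = \mathrm{add}(\mathrm{remove}(q), x, m)
\end{aligned}
$$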


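4.4.4.5 Lists

Axioms for lists are very similar to the axioms for pushdown stacks. The schemas differ mainly in the type of statements allowed (see Section 2.1.2), for if stack schemas allowed the construction of a stack of stacks, and a stack of stack of stacks, etc., we would have a list structure. Let $f_1, \ldots, f_m$ denote the function symbols of the schema, let their ranks be $r_1, \ldots, r_m$, and let $r = \max(r_1, \ldots, r_m)$. We have

$$
\begin{aligned}
& \mathrm{atom}(\Lambda) \\
\land\ \forall x_1 \cdots \forall x_r \quad & \mathrm{atom}(f_1(x_1, \ldots, x_{r_1})) \land (f_1(x_1, \ldots, x_{r_1}) \ne \Lambda) \\
\land\ & \cdots \\
\land\ & \mathrm{atom}(f_m(x_1, \ldots, x_{r_m})) \land (f_m(x_1, \ldots, x_{r_m}) \ne \Lambda) \\
\land\ \forall x_1 \forall x_2 \quad & \lnot\,\mathrm{atom}(\mathrm{cons}(x_1, x_2)) \\
\land\ \forall x_1 \forall x_2 \quad & \mathrm{car}(\mathrm{cons}(x_1, x_2)) = x_1 \\
\land\ & \mathrm{cdr}(\mathrm{cons}(x_1, x_2)) = x_2
\end{aligned}
$$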

4.5 Properties of Generalized Schemas

4.5.1 Interpreted Schemas, Herbrand Schemas, and Oracle Schemas

When we say that a conventional schema is uninterpreted, we mean that any interpretation over its base functions is relevant for the schema. We say it is uninterpreted even though its structural features are interpreted, e.g., the operation of pushing a value into a stack, or of incrementing a counter, is well defined. We would like to make this notion somewhat more formal, and apply it to our generalized schemas.

Definition. A well founded schema $S = \langle F, \varphi, P\rangle$ is said to be uninterpreted if for every interpretation I for P there is an interpretation I' for S whose subinterpretation over P is isomorphic to I, i.e.,

$\forall I$ for P, $\exists I'$ for S, i.e., $I' \models \varphi$, such that $\exists$ an isomorphism $\theta\colon (I/P) \approx (I'/P)$.

Note: we use (I/P) above instead of I because there may be some elements in Dom(I) that are not reachable, i.e., not expressible in terms of the functions of P (and, of course, there may be some functions and predicates defined in I that are not in P).

As an example, let $\varphi_a$ denote

$$\forall x\ f(g(x)) = g(f(x)) = x$$

and let $F_a$ denote

START $y \leftarrow f(a)$;
while $p(y)$ do $y \leftarrow f(y)$;
HALT($g(y)$),

then $S_a = \langle F_a, \varphi_a, \{a, f, p\}\rangle$ is uninterpreted, but $S'_a = \langle F_a, \varphi_a, \{a, f, g, p\}\rangle$ is not. Note that both $S_a$ and $S'_a$ are well founded, but $\langle F_a, \varphi_a, \{a, g, p\}\rangle$ is not.

For another example, let $\varphi_b$ be the same as $\varphi_a$ and $F_b$ be

START $y \leftarrow a$;
while $p(y)$ do $y \leftarrow f(y)$;
HALT($g(y)$).

Now, $P_b = \{a, f, g, p\}$ is the minimal set for which $S_b = \langle F_b, \varphi_b, P_b\rangle$ is well founded, and $S_b$ is not uninterpreted.

We should note that all the conventional φ-schemas (i.e., φ-schemas corresponding to $\mathcal{C}(\mathrm{marker}, \mathrm{pds}, \mathrm{q}, \mathrm{list}, A)$) are uninterpreted schemas.

If H is the Herbrand interpretation corresponding to an interpretation I (see definition in Section 2.1.7), we write $I \sim H$.

Definition. A well founded schema $S = \langle F, \varphi, P\rangle$ is called a semi-Herbrand schema if

(a) $\forall I$ for S, $\exists H$ for S, such that $(I/P) \sim (H/P)$, and

(b) $\forall H$ for S, $\forall I_1$ such that $(I_1/P) \sim (H/P)$, $\exists I$ for S, such that $(I_1/P) = (I/P)$.

Note that the definition of a semi-Herbrand schema depends only on φ and P, and not really on F. Saying that a schema S is semi-Herbrand simply means that for every interpretation for S the corresponding Herbrand interpretation is allowed for S, and that for every Herbrand interpretation for S all corresponding interpretations are also allowed for S. Any uninterpreted schema is semi-Herbrand, as is any schema in which φ is equality-free.

Definition. A semi-Herbrand schema $S = \langle F, \varphi, P\rangle$ is said to be a Herbrand schema if

$\forall I, H$ for S, if $(I/P) \sim (H/P)$ then $\mathrm{Path}(S,I) = \mathrm{Path}(S,H)$ and $\mathrm{Val}(S,I)$ corresponds to $\mathrm{Val}(S,H)$.

Note that $\mathrm{Val}(S,I)$ and $\mathrm{Val}(S,H)$ correspond in the obvious sense, i.e., $\mathrm{Val}(S,I)$ is the value in I of the term $\mathrm{Val}(S,H)$ of functions of P.


By this definition it is clear that all the conventional φ-schemas without equality tests (in the flowcharts) are Herbrand schemas (see also Theorem 2.3, Section 2.1.7). This is not true, however for the φ-schemas in general, for consider the schema $S_c = \langle F_c, \varphi_c, P_c\rangle$ where

$\varphi_c$ is $\forall x \forall y\ p(x, y) \equiv (x = y)$

$F_c$ is START $y \leftarrow a_1$; if $p(y, a_2)$ then HALT($y$) else LOOP

and

$P_c$ is $\{a_1, a_2, p\}$.

$S_c$ is not a Herbrand schema because for the interpretation I where $a_1 = a_2$ and $p(a_1, a_2)$ is true, there is no corresponding Herbrand interpretation for $S_c$. Further, $S'_c = \langle F_c, \varphi_c, \{a_1, a_2\}\rangle$ is also non-Herbrand because the interpretation H corresponding to I has $a_1$ = the term "$a_1$", $a_2$ = the term "$a_2$", $p(a_1, a_2)$ = false, but the paths for I and for H are not the same. So, we see that we can obtain the effect of equality tests without actually using them in the flowchart.

We should mention that the notions of interpreted schemas and Herbrand schemas are independent. Both $S_c$ and $S'_c$ above are non-Herbrand, but $S_c$ is interpreted, whereas $S'_c$ is uninterpreted. Also, consider $\varphi_d$ and $F_d$ below:

$\varphi_d$ is $\forall x\ p(x) \equiv p(f(x))$

and

$F_d$ is START $y \leftarrow a$; if $p(y)$ then HALT($y$) else LOOP.

Both $S_d = \langle F_d, \varphi_d, \{a, f, p\}\rangle$, and $S'_d = \langle F_d, \varphi_d, \{a, p\}\rangle$ are Herbrand schemas, but $S_d$ is interpreted, whereas $S'_d$ is uninterpreted.

Given a class $\mathcal{J}$ of interpretations, a schema S is said to halt on $\mathcal{J}$ if S halts on every interpretation I for S, where $I \in \mathcal{J}$; and similarly for divergence and freedom. And we say that $S_1 \le_{gen} S_2$ on $\mathcal{J}_1, \mathcal{J}_2$ if $\forall I_1$ for $S_1$, $I_1 \in \mathcal{J}_1$, $\exists I_2$ for $S_2$, $I_2 \in \mathcal{J}_2$, and $\exists$ an isomorphism $\theta\colon (I_1/P) \approx (I_2/P)$ such that either both schemas diverge, or $\mathrm{Val}(S_2, I_2) = \theta(\mathrm{Val}(S_1, I_1))$ — compare with the definition of $S_1 \le_{gen} S_2$; similarly for inclusion and equivalence.

Given schemas $S_1 = \langle F_1, \varphi_1, P\rangle$ and $S_2 = \langle F_2, \varphi_2, P\rangle$, let $\mathcal{H}_1$ be the class of interpretations H for $S_1$ such that (H/P) is a Herbrand interpretation; and similarly for $\mathcal{H}_2$, then:

Theorem 4.1 (Fundamental theorem of Herbrand schemas)

For Herbrand schemas $S_1$, $S_2$

(a) $S_1$ halts if and only if it halts on $\mathcal{H}_1$,

(b) $S_1$ diverges if and only if it diverges on $\mathcal{H}_1$,

(c) $S_1 \equiv S_2$ if and only if $S_1 \equiv S_2$ on $\mathcal{H}_1, \mathcal{H}_2$,

(d) $S_1 \le S_2$ if and only if $S_1 \le S_2$ on $\mathcal{H}_1, \mathcal{H}_2$,

(e) $S_1 \le_{gen} S_2$ if and only if $S_1 \le_{gen} S_2$ on $\mathcal{H}_1, \mathcal{H}_2$, and

(f) $S_1$ is free if and only if $S_1$ is free on $\mathcal{H}_1$.

For the proof, see Section 4.6. This theorem is an extended and relatively more formal version of Theorem 2.1.2 (in which the class of Herbrand schemas was comparatively restricted).

There is another property about conventional schemas that we would like to capture. It is that in a single step a conventional schema can do only a "small" amount of work, i.e., it can execute an assignment statement or make an atomic test. We can generalize the notion of a schema to what may be called a "logic-theory machine". A logic-theory machine is like an ordinary schema except that it can also make quantified tests, and in general, a test can be any well formed formula (an even more "powerful" machine would be one that can also build up formulas as strings, or trees). A test that effectively looks at an infinite number of values may be called an oracle test, and a "schema" that can make such tests may be called an oracle schema.

Definition. We say that a formula ψ is over a set P of function and predicate symbols if it uses no function or predicate symbols other than those in P.

Definition. Given a well-founded schema $S = \langle F, \varphi, P\rangle$, we say that S is a non-oracle schema if

(a) for every path in F from the start statement to a test, there exists a quantifier free formula $\psi()$ over P such that for all interpretations (for S) that follow this path, the outcome (true or false) of the test equals the value of $\psi()$ for the interpretation, and

(b) for every path in F from the start statement to a halt statement, there is a quantifier free formula $\psi(x)$ over P such that all interpretations (for S) that follow the path, for all elements x in the interpretation, the output of the halt statement is x if and only if $\psi(x)$ is true.

Lemma 4.2

Every well-founded schema is a non-oracle schema.

This property of schemas (proved in Section 4.6) is an important one, and is used in the proof of the theorem of maximal schemas (Theorem 4.3).

4.5.2 The Fundamental Theorem of Maximal Schemas

Constable and Gries [1972] suggested that the class of (conventional) schemas with arrays, $\mathcal{C}(A)$, are a maximal class of (uninterpreted) schemas. Chandra and Manna [1972] showed that for a "reasonable" definition of uninterpreted schemas, arrays, by themselves, are not adequate, and that equality tests too are required -- and that the class $\mathcal{C}(A,=)$ is strictly more powerful than $\mathcal{C}(A)$. We show here that the class $\mathcal{C}(A,=)$ is indeed maximal in our generalized schema formalism.

Theorem 4.3 (Theorem of maximal schemas)

The  class  Q,  of  uninterpreted  schemas  is  equivalent  to  the  class 
C(A,-)  of  generalized  schemas  corre sponding  to  the  conventional  schemas 
with  arrays  and  equality  tests;  and,  in  fact,  a  schema  in  C,  can  be 
effectively  translated  into  an  equivalent  schema  in  C-(A, -)  . 
For the proof of this theorem, see Section 4.6.

Intuitively it does seem that for conventional schemas, the class $\mathcal{C}(A)$ is indeed "maximal" in some sense. Chandra and Manna [1972] conjectured that $\mathcal{C}(A)$ may be maximal for Herbrand schemas. We show that this is indeed the case for our generalized schema formalism.

Theorem (Theorem of maximal Herbrand schemas)

ihe  class  (3  of  uninterpreted  Herbrand  schemas  is  equivalent  to 
the  class  C3(A)  of  generalized  schemas  corresponding  to  the  conventional 
schemas  with  arrays;  and,  in  fact,  a  schema  in  C,  can  be  effectively 
translated  into  an  equivalent  schema  in  C-(A)  . 

For the proof of this theorem, see Section 4.6.

•  b •  t>  Decision  Problems 

We  consider  the  following  decision  problems  for  the  class  of 
T- schemas . 

1.  The  halting  problem  --  given  a  cp-schema  S  ,  to  decide  if  it  halts 
for  every  interpretation  for  S  . 

The  divergence  problem  --  given  u  <p-schema  S  ,  to  decide  if  it 
diverges  for  every  interpretation  for  S  . 

j.  The  equivalence  problem  --  given  two  compatible  <p-schemas  and 

S  ,  to  decide  if  they  are  equivalent.  We  also  consider  the 

generalization  problem  (to  decide  if  Si  <  )  and  the  inclusion 

ger. 

problem  (to  decide  if  51  <  S,.,  ). 
4.5.3.1 The Halting Problem

Theorem 4.5

The halting problem for $\varphi$-schemas is not solvable, but it is
partially solvable.

The unsolvability of the halting problem for $\varphi$-schemas can be
shown in many ways (e.g., by using the unsolvability of the halting
problem for several classes of conventional schemas), but perhaps the
simplest is the following. Consider the class of schemas of the form
$(F, \varphi, P)$ where $\varphi$ and $P$ are arbitrary, and $F$ is:

START $y \leftarrow a$; LOOP

Then a schema in the class halts if and only if $\varphi$ is unsatisfiable --
which is a well known unsolvable problem.

The proof of the partial solvability of the halting problem is also
quite easy, but we defer it to Section 4.6.

4.5.3.2 The Divergence Problem

The complement of the divergence problem is called the non-divergence
problem, i.e., given a schema, to decide if it halts for any (relevant)
interpretation.

Theorem 4.6

Both the divergence problem and the non-divergence problem for
schemas are not partially solvable.

The divergence problem is not partially solvable because the
divergence problem for one-variable schemas with equality is not partially
solvable (see Chapter 3). The non-divergence problem is not partially
solvable because the schema $(F, \varphi, \{a\})$ where $F$ is

START $y \leftarrow a$; HALT($y$)

halts for some interpretation if and only if $\varphi$ is satisfiable --
a problem that is not partially solvable.

It is interesting to note that while the non-divergence
problem is partially solvable for all conventional schemas (e.g., those
of Section 4.4), it is not partially solvable for $\varphi$-schemas. One should
ask what it is about $\varphi$-schemas that causes this difference. The next
theorem attempts to answer this question.

Lemma 4.7. The non-divergence problem for uninterpreted schemas is
partially solvable.

This  follows  directly  from  the  fundamental  theorem  of  maximal 
schemas  and  the  fact  that  the  divergence  problem  for  the  class  of 
conventional  array  schemas  is  partially  solvable. 



4.5.3.3 The Equivalence Problem

The complement of the equivalence problem is called the non-equivalence
problem, i.e., given two compatible $\varphi$-schemas, to decide
if the schemas are not equivalent. Similarly, we have the non-generalization
problem and the non-inclusion problem.

Lemma 4.8. For schemas

(a) the equivalence problem is not partially solvable,

(b) the non-equivalence problem is not partially solvable,

(c) the generalization problem is not partially solvable,

(d) the non-generalization problem is not partially solvable,

(e) the inclusion problem is not partially solvable,

(f) the non-inclusion problem is not partially solvable.

The  parts  (c),  (d),  (e)  and  (f)  follow  directly  from  (a)  and  (b) . 
Parts  (a)  and  (b)  follow  from  the  fact  that  the  equivalence  and  the 
non-equivalence  problems  for  one-variable  monadic  schemas  are  not 
partially  solvable  (see  Chapter  3). 


4.6 Proofs

4.6.1 Proof of the Translation Lemma

We will only show the following parts of the lemma. The others
follow analogously.

oo 

Sj.  <  S2  iff 

*  * 

S1  -  S2  ’ 

(7) 

<\  <  iff 

VI 

V* 
Let  P  denote  S(S^)  ,  which  is  the  same  as  £(s*)  >  and

S1  =  <Fl-  VP)  »  S2  =  <F2’VP>  ' 

Given: 

Vll  for  si  »  3I2  for  S2  s.t.  39:  (i^P)  ~  (yp)  , 

if  ValfS^y  is  defined  then  Val(S2,I2)  =  ©(ValfS^y)  (a) 

and 

VI2  for  S2  ,  3^  for  s.t.  39:  (yP)  «  (yP)  , 

if  Val(S^,  1^)  is  defined  then  Val(S2,I2)  =  0(Val(S1, 1  ) ) .  (b) 

To  prove: 

VI1  for  Sl>  3I2  for  S2  39:  (l*/P)  ~  (I*/P)  , 

if  ValfS^y  is  defined  then  Val(S2,I*)  =  0(Val(S*, I*) )  (a') 

and 

VI2  for  S*  ,  31*  for  S*  s.t.  39:  (  [/?)  ~  (I */P)  , 

if  ValCS^y  is  defined  then  Val(S*,I2)  9(Val(C*, I*)) .  (b‘) 

We  will  show  (a'),  and  (b')  follows  in  a  similar  fashion. 

.river  any  1^  for  G^  ,  by  condition  2(b)  of  the  translation  lemma, 
j!1  for  51  and  30^  (I^P)  -  (ij/P)  s.t.  if  Val(S*,I*)  is  defined 
then  Val(S1,I1)  *  91(Val(S1, 1^^) )  .  Then,  by  (a)  above,  3l,  for  S 

and  i92:  (I^/P)  •*  (l2/p)  s.t.  if  Val(S1,I1)  is  defined  then 
/al^SgjIg)  =  02(Val(S1,I1))  .  Finally,  by  condition  2(a)  of  the  trans¬ 
lation  lemma,  3l*  for  S2  and  39, ;  (i£/p)  ~  (yP)  s.t.  if 

Val(S2,I2)  is  defined  then  Val(Sg,I2)  =  e3(V«M(S*,I*))  .  Thus  we 
have  a  9  (9  =  0’1  .  ©2  •  0^  ,  0:  (l*/P)  ~  (i^/P)  ,  and  if 

/alfC-^y  is  defined  then  Val(S*,I*)  =  0(Val(S*,I*) )  . 


If  S*  <  S*  then  Sx  <  s2  . 

This  proof  is  analogous  to  the  proof  above  (by  interchanging  the 
starred  schemas  and  interpretations  with  the  unstarred  ones) . 

If  Ci  <  then  cj  <  • 

Given:  ^S2C^2  s,t‘  S1  E  *  To  Prove  that 

VS*e(£  S  *<£.*  s.t.  S*sS*  . 

# 

Notation .  If  S  is  any  conventional  schema,  and  S  is  the 

* 

corresponding  generalized  schema  we  say  S  =»  S  .  Also,  if  ,  S2 
are  any  two  generalized  schemas  such  that  =  (F,<p,P^>  and 
Sg  =  (F,q>,P2)  and  P1  c  P2  then,  too,  we  say  S.^  »  S2  . 

-g-  -g-  * 

Proof.  Given  any  •  Let  S1  =»  S1  .  Then  S-^eC^  by 

construction  of  •  By  hypothesis,  3S 2^  S,t’  S1  5  S2  '  Let 

# 

S1  =  (F^^j^jP)  where  P  =  £(S  )  and  S2  =  (F2,q>2,P)  .  Now,  by  the 

-g-  -g- 

construction  of  and  3S2g3-2  s.t.  S2  =*  =>  S2  ,  i.e., 

.  *. 

S*  =  (F^,<J>2,P^)  and  C(S2)  *  P1  c  P  .  We  wish  to  show  that  this  is 

*  *  * 
the  required  S2  ,  i.e.,  si  “  ‘ 

Part  (i)  S*  <  S*  . 

_ gen 

#  -g-  -g-  # 

To  prove  that  Vl1  for  S.^  ,  3l2  for  S2,P  , 

39:  (l*/p)  -  (I^/P)  ,  and  Val(L*,I2)  =  9(Val(S*,I*))  or  both  are 
undefined. 

*  g- 

For  any  1^  for  ,  by  2(b)  of  the  lemma  3l^  for  , 

39x:  (l*/P)  -  (Ix/P)  >  Val^,^)  =  01(Val(S*,I*))  or  both  are 

undefined.  Now,  as  a  S2  we  have,  by  definition,  3l2  for  S2  , 
392:  (Lj/P)  -  (I^P)  ,  and  Val(S2,I2)  =  ©2( Val(S1,I1))  ,  or  both  are 
undefined,  and  as  *  S2  ,  Val(S3,l2)  =  9g( ValfS.^) )  or  both  are
undefined.  From  2(a),  Hi*  for  S*  ,  39^:  (i*^)  ~  (ig/p  )  , 

Val(S2,I2)  =  ©3(Val(S2,I3))  .  Finally,  by  1(b),  Vi*  for  P  , 

3l2  for  S2,P  s.t.  39^:  (ig/P)  *♦  (l+/P)  .  We  choose  I*  to  be  I*  . 

So  3lg  for  S2,P  ,  39^:  (ig/P)  -  (i^/P)  ,  and  as  2(S*)  c  P  we 
have  Val(S2,I3)  =  9^(Val(S2,I2))  .  This  gives  us  the  required 
9;  (I^/P)  -  {llj?)  s.t.  Val(S2,I2)  =  9(Val(S^,I^))  ,  and,  in  fact, 

9  is  Q'1  o  9"1  •  92 . 9X  . 

Part  (ii)  S*  <  S*  . 

_ _ gen 

This  proof  is  analogous. 

If  ^1  -  ^2  then  ^  5  * 

Given  ^®i^I  332c^2  s.t.  =  Sg  .  To  prove  that 

^Sl€^l  3S2eC'p  s't*  Si  H  S2  ’ 

Given  any  S^eC^  .  By  the  construction  of  ,  SS^cC^  , 

-M-  -M-  -M- 

33lcCl  s,t*  S1  “*  S5  *  S1  •  Let  S!  =  <F1^«P1,P1>  and  =  <F1,qJ1,P>  , 

Pc  Px  .  By  hypothesis,  3S*cC*  s.t.  S*  2  s*  .  Then  using  the 

interpolation  lemma  for  conventional  schemas  (condition  3  of  the 

translation  lemma)  HS*cc£  s.t.  2(S*)  =  EfSj  =  P  ,  and  S*  *  S*  . 

* 

Let  S2  =»  Su  ,  then  =  (F2,(p2»P)  ,  S^e/V,  ,  and  by  the  construction 
of  C%  >  (F2,<P2>  pi>€C-2  •  Let  S2  denote  <F2,«p2,P1>  .  This  is  the 
desired  schema;  we  have  to  prove  that  =  Sg  . 

Part  (i)  8^^582. 

_ gen 

To  prove  that  for  S±  ,  3lg  for  Sg  s.t.  39:  (l^/p)  ~  (1  yP)  , 

and  Val(S2,I2)  =  9(Val(S^,l^))  or  both  are  undefined.
Given  any  1^  for  .  Then  1^  is  also  for  and
Val(S1,I1)  =  Val^,^)  .  By  2(a)  SI*  for  S*  ,  39^  (I*/P)  -  (Lj/P) 

s.t.  Val(S^,  1^)  =  ©1(Val(S*,I*))  .  As  S*  h  S*  ,  we  find  that 
31*  for  S*  ,  392:  (l*/P)  -  (l*/P)  s.t.  Val(S*,I*)  =  ©2(Val(S*,I*))  . 
By  2(b),  3IU  for  Su  ,  3©^  (l*/P)  ~  (ij/P)  s.t.  Val(S,,,Iu)  = 

0^(Val(So,l2))  or  both  are  undefined.  By  1(a),  as  I1  is  for  and 
(Ij/P)  -  (1,/P)  ,  3Ig  for  S2,P1  ,  39u:  (Ig/P^  -  (Ij/P.,.)  .  Hence 

Oj1  •  ®1  •  O’1  °  9j1;  (I^/P)  -  (I^P)  and  by  the  well-foundedness  of  , 

Val(Su,I2)  =  ©j;1  •©1  •9‘1(Val(SvI1+))  -  ©^(ValfS^L,))  or  all 

diverge.  But  is  an  interpretation  for  ,  and 

Val(S2,I2)  =  Val(S^,I2)  =  0^1(Val(S1,I]L))  or  all  diverge.  This  completes 

the  proof  that  S..  <  S2  . 

X  gen 

Part  (ii)  S2  <  S1  . 

_ gen 

This  is  proved  likewise. 


4.6.2 Proof of Theorem 4.1

Given  Herbrand  schemas  =  (F^^-^jP)  and  S 2  =  (F2,92,P)  ,  let 
be  the  class  of  interpretations  H  for  such  that  (h/p)  is  a 

Herbrand  interpretation,  and  similarly  for  V2  ,  then 

(a)  halts  if  and  only  if  it  halts  on  » 

(b)  diverges  if  and  only  if  it  diverges  on  > 
(c)

S1HS2 

if 

and  only  if 

S1  5  S2  on  V1 

r> 

(d) 

Si<s2 

if 

and  only  if 

S!<S2  on  Vx 

(e) 

S1  -  S2 

if 

and  only  if 

S1  <  Sg  on  Ji 

gen 

1  gen 

1  >  *2  * 


(f)  is  free  if  and  only  if  it  is  free  on  . 

Proof:  For  cases  (a),  (b),  (f)  the  "only  if"  part  is  trivial;  and  so 

is  the  "if"  part  because  if  any  path  is  taken  by  the  computation  of  S1 
on  any  interpretation  I  ,  then  the  same  path  is  taken  by  the  computation 
on  some  interpretation  • 

We  show  the  theorem  for  case  (e),  and  the  other  cases  can  be 
proved  analogously. 

The  "only  if"  part  is  easy,  because  given  <  Sg  ,  if 

gen 

is  an  interpretation  for  ,  then  there  is  an  interpretation  Ig  for 
S2  such  that  (H-j/P)  and  (Ig/P)  are  isomorphic,  and  the  outputs 
correspond,  but  there  is  an  interpretation  Hge?/g  isoraorP1:iic  I2  ’ 
and  hence  we  have  that  (H^P)  and  (Hg/P)  are  isomorphic,  and  their 
outputs  correspond. 

The  "if"  part  can  be  proved  as  follows  Given  that  <  Sg 

X  gen 

on  ,  i .  e . , 

W1  for  S1  ,  H.^  , 

3H2  for  S2  ,  H2eV2  ,  and  Val(S2,H2)  =  ValfS^Hj)  ,  or  both 
are  undefined  (note:  the  isomorphism  is  identity). 


to  show  that  J  Sg  ,  i.e.. 


for 

ai2  for  S2  ,  and 

3  an  isomorphism  0:  (l.j/P)  «  (X^/P)  ,  such  that 
Val(S2,I2)  =  9(Val(S1,I1))  ,  or  both  diverge. 

Now,  given  any  1^  for  S1  ,  by  the  definition  of  Herbrand  schemas,

h 

there  exists  an  H1  for  S.^  such  that  (i^/P)  -*  (H^/P)  ,  and 
Val(S1,I1)  corresponds  to  (the  term)  Val(S^,H.j)  ,  or  both  diverge. 
From  the  hypothesis,  there  is  an  H2  for  S2  ,  H2eV2  ,  such  that 
Val(S1,H1)  =  Val(S2,H2)  .  And  again,  as  S2  is  a  Herbrand  schema,  for 

any  for  which  1^  -  (H2/P)  ,  there  is  an  I2  for  S2  such  that 
(I^/P)  =  (Ig/P)  and  Val(S2,I2)  corresponds  to  Val(S2,H2)  .  We  will 
choose  I£  simply  to  be  (iy'p)  •  We  now  have  the  desired  9  : 
it  is  simply  the  identity  function,  and  either  both  Val(S^,I^)  and 
Val(S2,I2)  are  undefined,  or  they  are  equal  because  both  correspond  to 
the  same  term. 

□ 


4.6.3  Proof  of  Lemma  4.2 

Every  well-founded  schema  is  a  non-oracle  schema. 

Given a well-founded schema $S = \langle F, \varphi, P \rangle$ and a path in $F$ from the
start statement to a test or a halt statement, we can represent the
conjunction of all tests (every test at(y) is changed to a'() by
substituting the value of y ) executed along this path (or their
negations if the false exit is taken by the path) by a formula $\varphi_1$.

Then every interpretation that follows this path in the schema satisfies
$\varphi \wedge \varphi_1$, and every interpretation that satisfies $\varphi \wedge \varphi_1$ follows this path.
We  use  the  result  (see,  for  example,  Shoenfield  [  1967],  Section  5.5, 
Lemma  4)  that  given  sentences  T\  ,  f  ,  and  a  set  P  of  functions  and 
predicates,  if  whenever  I1  (-  ,  I2  |-  Tj  ,  and  (I^P)  isomorphic 

to  (Ig/P)  we  have  I1  |-  if  and  only  if  I  f-  ,  then  there 
exists  a  quantifier  free  sentence  t  over  P  such  that  7)  -  (i|M  «  1)/) 
is  valid. 

Suppose our given path in $F$ leads to a test statement, then the
test can be represented as a simple atomic test $\alpha$ only on constant
terms, and we have, by the well-foundedness of $S$, that whenever
$I_1 \vdash \varphi \wedge \varphi_1$, $I_2 \vdash \varphi \wedge \varphi_1$, $(I_1/P)$ isomorphic to $(I_2/P)$ we have
$I_1 \vdash \alpha$ if and only if $I_2 \vdash \alpha$. We hence have a sentence $\psi$ such
that $\varphi \wedge \varphi_1 \to (\alpha \equiv \psi)$, and by the deduction theorem $\varphi \wedge \varphi_1 \vdash (\alpha \equiv \psi)$,
i.e., for all interpretations that follow this path, the outcome of the
test equals the value of the quantifier free formula $\psi$ over $P$ (which
is the requirement for a non-oracle schema).

If, on the other hand, the given path in $F$ leads to a halt statement,
then the output is some (constant) term $t()$. If we now introduce a
new zero-ary function $a_0$ into interpretations for the schema, we have
that whenever $I_1 \vdash \varphi \wedge \varphi_1$, $I_2 \vdash \varphi \wedge \varphi_1$, $(I_1 / P \cup \{a_0\})$ isomorphic
to $(I_2 / P \cup \{a_0\})$, we have $I_1 \vdash a_0 = t()$ if and only if $I_2 \vdash a_0 = t()$
by the well-foundedness of $S$, and hence there is a formula $\psi(a_0)$
(we call it $\psi(a_0)$ instead of $\psi$ for convenience) such that
$\varphi \wedge \varphi_1 \to (a_0 = t() \equiv \psi(a_0))$. But $a_0$ doesn't appear in $\varphi \wedge \varphi_1$,
and hence $\varphi \wedge \varphi_1 \to \forall x\,(x = t() \equiv \psi(x))$, and again by the deduction
theorem $\varphi \wedge \varphi_1 \vdash \forall x\,(x = t() \equiv \psi(x))$, which is the desired result.

This  concludes  the  proof  of  Lemma  4.2. 
4.6.4 Proof of Theorem 4.3


The class £ of uninterpreted schemas is equivalent to
the class £(A, =) of $\varphi$-schemas corresponding to the conventional
schemas with arrays and equality tests.

Given a schema $S = (F, \varphi, P)$ in £ we will construct a conventional
schema $S^*$ with arrays (and counters) and equality tests having the
symbols of $P$ as its base functions and predicates, such that for any
interpretation $I$ for $S$, $Val(S, I) = Val(S^*, I/P)$. We can then
translate $S^*$ into a generalized schema in the standard way (see
Section 4.4). It should be noted that since it is unsolvable if any
given schema $S$ is an element of £, our translation process will go
through even for schemas not in £. However, it will not necessarily
be correct. If the given schema $S$ is interpreted, then $S^*$ will not
be equivalent to $S$, but will be a strict generalization. If $S$ is
not well founded, then, of course, equivalence is not well defined.

We will make use of the fact that a conventional schema with counters
can simulate the behavior of any schema except when it comes to making
tests, or halting, in which case, it has to make use of its base
functions and predicates.

$S^*$ proceeds as follows. It simulates the computation of $S$,
keeping track of the value of the single variable of $S$ (as a constant
term). It also keeps track of any tests that $S$ has made along the
path. This is kept as a formula $\alpha = \alpha_1 \wedge \alpha_2 \wedge \ldots \wedge \alpha_n$ where each $\alpha_i$
is an atomic formula or a negated atomic formula. When $S$ comes to a
test $\beta$, $S^*$ enumerates all valid formulas until it comes to one of the
form

$\varphi \wedge \alpha \to (\psi \equiv \beta)$

where $\psi$ is a quantifier free formula that uses only the base functions
and predicates from $P$ (note: we are using here the completeness theorem
for first order predicate calculus with equality, and the fact that $S$
is non-oracle). $S^*$ then makes the appropriate tests to determine if $\psi$
is true or false, and updates $\alpha$ to $\alpha_1 \wedge \ldots \wedge \alpha_n \wedge \beta$ if $\psi$ is true,
or to $\alpha_1 \wedge \ldots \wedge \alpha_n \wedge \neg\beta$ if $\psi$ is false. When $S$ comes to a halt
statement HALT($\tau(y)$), $S^*$ enumerates all valid formulas until it comes
to one of the form

$\varphi \wedge \alpha \to \forall x\,((x = t) \equiv \psi(x))$

where $t$ represents $\tau(y)$ in which the value of $y$ (as a term) is
substituted for $y$, and $\psi(x)$ is quantifier free, and uses only the
symbols of $P$. When such a formula is found, $S^*$ enumerates all
elements reachable by applying functions of $P$, and halts on the first
element $x$ for which $\psi(x)$ is true.

A  final  note  seems  to  be  in  order.  To  be  very  formal,  the  class 
d(A,  =)  is  to  be  interpreted  not  just  as  the  class  (*,  of  schemas 
corresponding  to  the  conventional  schemas  with  arrays  and  equality, 
but  the  class  obtained  by  renaming  the  function  and  predicate  symbols 
of  schemas  (in  C,  )  in  all  possible  ways  (distinct  symbols  must,  of 
course,  remain  distinct) .  The  reason  is  that  in  the  translating 
process  we  used  certain  function  and  predicate  symbols  which  couldn't 
appear in the set $P$ of any schema $(F, \varphi, P)$ in C- .

□ 


4.6.5 Proof of Theorem 4.4

Every schema in the class of uninterpreted Herbrand schemas can
be effectively translated into an equivalent $\varphi$-schema corresponding
to a conventional schema with arrays.

Given an uninterpreted Herbrand schema $S = (F, \varphi, P)$ we construct
a conventional schema $S^*$ with arrays (and counters), as in the previous
section, such that the generalized schema corresponding to $S^*$ is
equivalent to $S$.

$S^*$ simulates the computation of $S$, keeping track of the value of
the single variable of $S$ (as a constant term). It also keeps track
of the tests $S$ has made along the path of the computation, as a
formula $\alpha$. When $S$ comes to a test $\beta$, $S^*$ enumerates all valid
formulas until it comes to one of the form

$\varphi \wedge \alpha \to (\psi \equiv \beta)$

where $\psi$ is quantifier-free and is over $P$. (Actually we can show
that there always exists an equality-free $\psi$ of this kind, but that is
unnecessary.) $S^*$ now makes the appropriate tests to determine $\psi$ for
Herbrand interpretations. For this reason it doesn't need to make any
tests of equality. The same exit would be taken for all interpretations
for $S$ by the Herbrand property, and hence $S^*$ can update $\alpha$ and
continue simulation of $S$.

When $S$ comes to a halt statement HALT($\tau(y)$), $S^*$ enumerates
all valid formulas until it finds one of the form

$\varphi \wedge \alpha \to \forall x\,((x = t) \equiv \psi(x))$

where $t$ represents $\tau(y)$ with the value of $y$ substituted for the
variable $y$; and $\psi(x)$ is quantifier-free, and over $P$. $S^*$ enumerates
all elements reachable by applying functions of $P$, and halts on the
first element $x$ for which $\psi(x)$ is true assuming a Herbrand
interpretation. When S is converted to a generalized schema , the

outputs of S and are the same for all interpretations by the
Herbrand property of $S$.

* 

4.6.6 Proof of Theorem 4.5

To show that the halting problem for $\varphi$-schemas is partially
solvable.

The partial solvability of the halting problem can be shown by
reducing this problem to the validity problem of formulas of first
order predicate calculus, with equality, which is partially solvable.

We use the approach used by Manna [1968, 1969]. Given a flowchart $F$,
we associate with $F$ a formula $\psi(F)$ of predicate calculus such that $F$
halts for all interpretations if and only if $\psi(F)$ is valid. $\psi(F)$ is
constructed as follows. Let all statements of $F$ be labeled $L_1, \ldots, L_n$.
Associate, with each statement $L_i$, a predicate $q_i$. Let $\psi'$ be the
conjunction of the axioms obtained as shown below:


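Statement                                      Axiom

START $y \leftarrow \tau()$; goto $L_j$
$L_i$: HALT($\tau(y)$)                         $\forall x\; q_i(x) \to q$
$L_i$: LOOP                                    (no axiom)
$L_i$: $y \leftarrow \tau(y)$; goto $L_j$      $\forall x\; q_i(x) \to q_j(\tau(x))$
$L_i$: if $\alpha(y)$ then goto $L_j$          $\forall x\; q_i(x) \wedge \alpha(x) \to q_j(x)$
       else goto $L_k$                         $\wedge\; q_i(x) \wedge \neg\alpha(x) \to q_k(x)$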

Then $\psi(F)$ is $\psi' \to q$ ($q$ is introduced in the axiom for a halt
statement). We then find the schema $(F, \varphi, P)$ halts if and only
if $\varphi \to \psi(F)$ is valid.
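
The construction above, mechanised as an added example (not code from the thesis): it emits the axioms of $\psi(F)$ for a one-variable flowchart and, for a single finite interpretation, computes the least model of those axioms to see whether $q$ is forced, which happens exactly when the flowchart halts under that interpretation. The tuple encoding of statements, the function names and the two sample interpretations are assumptions of this example, and the START axiom `q_j(c())` is assumed because that table cell is not legible on this page.

```python
# Added illustration (not from the thesis): build psi(F) from a one-variable
# flowchart using the statement/axiom table of Section 4.6.6, then check, for
# one finite interpretation, whether the halt proposition q is forced.
# The tuple encoding and all function names here are hypothetical.

def axioms(flow):
    """flow maps a label i to a statement tuple; returns the axioms as strings."""
    out = []
    for i, st in flow.items():
        kind = st[0]
        if kind == "start":                      # START y <- c(); goto Lj
            _, c, j = st
            out.append(f"q{j}({c}())")           # assumed form; cell not legible in source
        elif kind == "halt":                     # Li: HALT(t(y))
            out.append(f"∀x (q{i}(x) → q)")
        elif kind == "assign":                   # Li: y <- f(y); goto Lj
            _, f, j = st
            out.append(f"∀x (q{i}(x) → q{j}({f}(x)))")
        elif kind == "test":                     # Li: if a(y) then goto Lj else goto Lk
            _, a, j, k = st
            out.append(f"∀x ((q{i}(x) ∧ {a}(x) → q{j}(x)) ∧ "
                       f"(q{i}(x) ∧ ¬{a}(x) → q{k}(x)))")
        elif kind != "loop":                     # LOOP contributes no axiom
            raise ValueError(f"unknown statement at L{i}: {st!r}")
    return out


def build_psi(flow):
    """psi(F) = psi' -> q, where psi' is the conjunction of the axioms."""
    return "(" + " ∧ ".join(axioms(flow)) + ") → q"


def q_forced(flow, interp):
    """Least model of the axioms under a finite interpretation of the function
    and predicate symbols: derive facts q_i(v) until q appears or nothing new."""
    todo = [(st[2], interp[st[1]]()) for st in flow.values() if st[0] == "start"]
    facts = set()
    while todo:
        fact = todo.pop()
        if fact in facts:
            continue
        facts.add(fact)
        i, v = fact
        st = flow[i]
        if st[0] == "halt":
            return True                          # axiom  q_i(x) -> q  fires
        if st[0] == "assign":
            todo.append((st[2], interp[st[1]](v)))
        elif st[0] == "test":
            todo.append((st[2] if interp[st[1]](v) else st[3], v))
    return False                                 # fixpoint reached without q


# Constructed sample: L0 START y <- a(); L1 test p; L2 HALT(t(y)); L3 y <- f(y)
SAMPLE_FLOW = {
    0: ("start", "a", 1),
    1: ("test", "p", 2, 3),
    2: ("halt", "t"),
    3: ("assign", "f", 1),
}
# Two constructed interpretations over the domain {0, 1, 2, 3}
HALTING = {"a": lambda: 0, "f": lambda v: (v + 1) % 4, "p": lambda v: v == 3}
LOOPING = {"a": lambda: 0, "f": lambda v: (v + 1) % 4, "p": lambda v: False}

if __name__ == "__main__":
    print(build_psi(SAMPLE_FLOW))
    print(q_forced(SAMPLE_FLOW, HALTING), q_forced(SAMPLE_FLOW, LOOPING))
```

The fixpoint terminates only because the sample domain is finite; validity of $\psi(F)$ over all interpretations remains only partially solvable, as the proof states.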